Journal title:International Journal of Innovative Research in Science, Engineering and Technology
Print ISSN:2347-6710
Electronic ISSN:2319-8753
Publication year:2016
Volume:5
Issue:6
Pages:10759
DOI:10.15680/IJIRSET.2015.0506222
Publisher:S&S Publications
Abstract:Web-based applications are becoming common; attacks against these applications pose a serious problem. An Intrusion Detection System (IDS) is one way of dealing with such attacks. An Intrusion Detection System (IDS) is located beside the web server and monitors the users’ activities by protocol analysis and pattern matching. In other words, IDSes reconstruct HTTP headers and payload from captured packets, and identify attacks by comparing traffic to signatures of attacks. Thus the process requires the privilege of watching the entire payload of packets. Because the IDSes inspect the contents of a packet, it is difficult to find attacks by the current IDS. This approach applies encrypted traffic analysis to intrusion detection, which analyses contents of encrypted traffic using only data size and timing without decryption. First, the system extracts information from encrypted traffic, which is a set comprising data size and timing for each web client. Second, the accesses are distinguished based on similarity of the information and access frequencies are calculated. Finally, malicious activities are detected according to rules generated from the frequency. One of the reasons is the increasing use of encrypted communication that strongly limits the detection of malicious activities. To overcome this shortcoming, we present here a new behavior-based detection architecture that uses similarity measurements to detect intrusions as well as insider activities like data exfiltration in encrypted environments. Similarity-based intrusion and extrusion detection shows that the system detects various attacks like SQL injection, DOS, and Brute force Attacks with a high degree of accuracy.
Keywords:IDS; Encrypted Environment; SQL injection; DOS; Brute force Attacks