Detection of HTTPS Brute-Force Attacks with Packet-Level Feature Set

Bibliographic Details
Published in: 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC), pp. 0114-0122
Main Authors: Luxemburk, Jan; Hynek, Karel; Cejka, Tomas
Format: Conference Proceeding
Language: English
Published: IEEE 27.01.2021
DOI: 10.1109/CCWC51732.2021.9375998

Summary: This paper presents a novel approach to detect brute-force attacks against web services in high-speed networks. The prevalence of brute-force attacks is so high that service providers, such as ISPs or web-hosting providers, cannot depend on their customers' host-based defenses. Moreover, the rising usage of encryption makes it more difficult to detect attacks on the network level. In our research, we created a dataset, which consists of 1.8 million extended IP flows from a backbone network combined with IP flows generated with three popular open-source brute-forcing tools. We identified a distinctive packet-level feature set and trained a machine-learning classifier with a false positive rate of 10⁻⁴ and a true positive rate (the ratio of discovered attacks) of 0.938. The achieved results surpass the state-of-the-art solutions and show that the developed HTTPS brute-force detection algorithm is viable for production deployment.