Detection of HTTPS Brute-Force Attacks with Packet-Level Feature Set
This paper presents a novel approach to detect brute-force attacks against web services in high-speed networks. The prevalence of brute-force attacks is so high that service providers, such as ISPs or web-hosting providers, cannot depend on their customers' host-based defenses. Moreover, the ri...
Saved in:
| Published in | 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC) pp. 0114 - 0122 |
|---|---|
| Main Authors | , , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
27.01.2021
|
| Subjects | |
| Online Access | Get full text |
| DOI | 10.1109/CCWC51732.2021.9375998 |
Cover
| Abstract | This paper presents a novel approach to detect brute-force attacks against web services in high-speed networks. The prevalence of brute-force attacks is so high that service providers, such as ISPs or web-hosting providers, cannot depend on their customers' host-based defenses. Moreover, the rising usage of encryption makes it more difficult to detect attacks on the network level. In our research, we created a dataset, which consists of 1.8 million extended IP flows from a backbone network combined with IP flows generated with three popular open-source brute-forcing tools. We identified a distinctive packet-level feature set and trained a machine-learning classifier with a false positive rate of 10 -4 and a true positive rate (the ratio of discovered attacks) of 0.938. The achieved results surpass the state-of-the-art solutions and show that the developed HTTPS brute-force detection algorithm is viable for production deployment. |
|---|---|
| AbstractList | This paper presents a novel approach to detect brute-force attacks against web services in high-speed networks. The prevalence of brute-force attacks is so high that service providers, such as ISPs or web-hosting providers, cannot depend on their customers' host-based defenses. Moreover, the rising usage of encryption makes it more difficult to detect attacks on the network level. In our research, we created a dataset, which consists of 1.8 million extended IP flows from a backbone network combined with IP flows generated with three popular open-source brute-forcing tools. We identified a distinctive packet-level feature set and trained a machine-learning classifier with a false positive rate of 10 -4 and a true positive rate (the ratio of discovered attacks) of 0.938. The achieved results surpass the state-of-the-art solutions and show that the developed HTTPS brute-force detection algorithm is viable for production deployment. |
| Author | Cejka, Tomas Luxemburk, Jan Hynek, Karel |
| Author_xml | – sequence: 1 givenname: Jan surname: Luxemburk fullname: Luxemburk, Jan email: luxemburk@cesnet.cz organization: FIT CTU & CESNET a.l.e – sequence: 2 givenname: Karel surname: Hynek fullname: Hynek, Karel email: hynekkar@cesnet.cz organization: FIT CTU & CESNET a.l.e – sequence: 3 givenname: Tomas surname: Cejka fullname: Cejka, Tomas email: cejkat@cesnet.cz organization: CESNET a.l.e |
| BookMark | eNotj91KwzAYQCPohZt7AkHyAq35T77L2VknFDZYxcuRpl8xOFvJMsW3V3BX51wdODNyOU4jEnLHWck5g_uqeq00t1KUgglegrQawF2QGTdGK66A8WuyWmHGkOM00mmg67bd7uhDOmUs6ikFpMucfXg_0u-Y3-j2TzEXDX7hgdbo8ykh3WG-IVeDPxxxceacvNSPbbUums3Tc7VsiiiYzIXtemeEZA4cEwjAPLP9MACqAD2XwTCDUgIItMKJToPwyruuR9cHrVWQc3L7342IuP9M8cOnn_15TP4CmmJG4A |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/CCWC51732.2021.9375998 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 1665414901 9781665414906 |
| EndPage | 0122 |
| ExternalDocumentID | 9375998 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IL CBEJK RIE RIL |
| ID | FETCH-LOGICAL-i203t-7bd8623089802e990a07dff9e4c9d13c606e33992e7282b592a4a8bde8dc554c3 |
| IEDL.DBID | RIE |
| IngestDate | Thu Jun 29 18:38:24 EDT 2023 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i203t-7bd8623089802e990a07dff9e4c9d13c606e33992e7282b592a4a8bde8dc554c3 |
| PageCount | 9 |
| ParticipantIDs | ieee_primary_9375998 |
| PublicationCentury | 2000 |
| PublicationDate | 2021-Jan.-27 |
| PublicationDateYYYYMMDD | 2021-01-27 |
| PublicationDate_xml | – month: 01 year: 2021 text: 2021-Jan.-27 day: 27 |
| PublicationDecade | 2020 |
| PublicationTitle | 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC) |
| PublicationTitleAbbrev | CCWC |
| PublicationYear | 2021 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| Score | 1.8454999 |
| Snippet | This paper presents a novel approach to detect brute-force attacks against web services in high-speed networks. The prevalence of brute-force attacks is so... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 0114 |
| SubjectTerms | Brute-force attacks Conferences Detectors Encrypted traffic Flow monitoring HTTPS IP networks Machine learning Monitoring Open source software Telecommunication traffic Traffic analysis |
| Title | Detection of HTTPS Brute-Force Attacks with Packet-Level Feature Set |
| URI | https://ieeexplore.ieee.org/document/9375998 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LSwMxEA5tT55UWvFNDh7NdneTNJujbC1FrBTaYm8lj1kQYVdK9tJfb7JdK4oHbyEk5DGBb2Yy3wxCd0JYxtOCEmUglDBLNJFAOTEJAya1hAKCH3L2Mpqu2NOarzvo_sCFAYAm-Ayi0Gz-8m1l6uAqG3oo5d486KKuf2Z7rlZL-k1iOczz15wnggZ6VZpE7eAfVVMa0Jgco9nXcvtYkfeodjoyu1-ZGP-7nxM0-Kbn4fkBeE5RB8o-Go_BNWFVJa4KPF0u5wvsBeeATKqtn_DgXKDT4-B4xXPfBEeeQ8QQDlpgvQW8ADdAq8njMp-StkQCeUtj6ojQ1pskNM5kFqfgkUXFwhaFBGakTajx5gnQkHsWhLetNJepYirTFjJrvCJh6BnqlVUJ5whnXpFSMim4iC0zzGg_hI2YMqmSVDN-gfrhBjYf-ywYm_bwl393X6GjIIXgrEjFNeq5bQ03Hr6dvm3k9gnNYpr9 |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV07T8MwELZKGWAC1CLeeGDEaRLbTTyilCpAW1VqKrpVsX2REFKCKmfh12OnAQRiYLOss_y44bs733eH0E0UacbDgpJcgWthFkgigHKiAgZMSAEFuDjkdDZMl-xxxVcddPvFhQGAJvkMPDds_vJ1pWoXKhtYKOXWPdhBuxb3Gd-ytVrab-CLQZI8JzyIqCNYhYHXiv_om9LAxvgATT833GaLvHq1kZ56_1WL8b8nOkT9b4Ienn9BzxHqQNlDoxGYJrGqxFWB0yybL7BVnQEyrjZ2wZ0xjlCPXegVz-0QDJm4nCHs7MB6A3gBpo-W4_ssSUnbJIG8hD41JJLaOiXUj0Xsh2CxJfcjXRQCmBI6oMo6KEBd9VmIrHcluQhzlsdSQ6yVNSUUPUbdsirhBOHYmlK5CAoe-ZoppqQVYUOWqzAXVDJ-inruBdZv2zoY6_byZ39PX6O9NJtO1pOH2dM52ncacaGLMLpAXbOp4dKCuZFXjQ4_AB42nko |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2021+IEEE+11th+Annual+Computing+and+Communication+Workshop+and+Conference+%28CCWC%29&rft.atitle=Detection+of+HTTPS+Brute-Force+Attacks+with+Packet-Level+Feature+Set&rft.au=Luxemburk%2C+Jan&rft.au=Hynek%2C+Karel&rft.au=Cejka%2C+Tomas&rft.date=2021-01-27&rft.pub=IEEE&rft.spage=0114&rft.epage=0122&rft_id=info:doi/10.1109%2FCCWC51732.2021.9375998&rft.externalDocID=9375998 |