TY - GEN
T1 - Active and Passive Attack Detection Methods for Malicious Encrypted Traffic
AU - Gao, Rui
AU - Lu, Hui
AU - Zhou, Houlin
AU - Zheng, Chengcong
AU - Tian, Zhihong
AU - Du, Xiaojiang
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - The encryption of traffic data offers a means of protecting the security of data and the private information of the public. However, this same technology also presents a potential avenue for attackers to conceal malicious activities. Attackers hide malicious behaviour in encrypted traffic data to bypass detection by firewalls or early intrusion detection systems (IDS). In order to cope with malicious encrypted traffic, traffic attack detection is classified into active and passive detection depending on the way it is handled. Active detection is mainly based on searchable traffic detection and traffic plaintext data parsing. Measures such as analysing controllable transmission protocols and trusted execution environments are used to ensure both attack detection efficiency and privacy security. Passive detection focuses on feature construction of encrypted traffic. The characterisation of traffic data from multiple perspectives, including channel and context, is achieved through the utilisation of machine learning or deep learning models, thereby facilitating the generation of accurate prediction outcomes. This paper offers an overview of existing detection methods from two distinct vantage points: active attack detection and passive attack detection. Finally, the paper presents a summary of the strengths and weaknesses of existing methods and suggests potential avenues for future research.
KW - Attack Detection
KW - Encrypted Traffic
KW - Machine Learning
KW - Privacy and Security
UR - http://www.scopus.com/inward/record.url?scp=85214673306&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85214673306&partnerID=8YFLogxK
U2 - 10.1109/WiMob61911.2024.10770521
DO - 10.1109/WiMob61911.2024.10770521
M3 - Conference contribution
AN - SCOPUS:85214673306
T3 - International Conference on Wireless and Mobile Computing, Networking and Communications
SP - 359
EP - 364
BT - 2024 20th International Conference on Wireless and Mobile Computing, Networking and Communications, WiMob 2024
T2 - 20th International Conference on Wireless and Mobile Computing, Networking and Communications, WiMob 2024
Y2 - 21 October 2024 through 23 October 2024
ER -