Intrusion Detection for Encrypted Web Accesses

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Akira Yamada Articles by Yutaka Miyake Articles by Keisuke Takemori Articles by Ahren Studer Articles by Adrian Perrig

21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07)

Niagara Falls, Ontario, Canada

May 21-May 23

ISBN: 0-7695-2847-3

	ASCII Text	x
	Akira Yamada, Yutaka Miyake, Keisuke Takemori, Ahren Studer, Adrian Perrig, "Intrusion Detection for Encrypted Web Accesses," Advanced Information Networking and Applications Workshops, International Conference on, vol. 1, pp. 569-576, 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07), 2007.

	BibTex	x
	@article{ 10.1109/AINAW.2007.212, author = {Akira Yamada and Yutaka Miyake and Keisuke Takemori and Ahren Studer and Adrian Perrig}, title = {Intrusion Detection for Encrypted Web Accesses}, journal ={Advanced Information Networking and Applications Workshops, International Conference on}, volume = {1}, year = {2007}, isbn = {0-7695-2847-3}, pages = {569-576}, doi = {http://doi.ieeecomputersociety.org/10.1109/AINAW.2007.212}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Advanced Information Networking and Applications Workshops, International Conference on TI - Intrusion Detection for Encrypted Web Accesses SN - 0-7695-2847-3 SP569 EP576 A1 - Akira Yamada, A1 - Yutaka Miyake, A1 - Keisuke Takemori, A1 - Ahren Studer, A1 - Adrian Perrig, PY - 2007 KW - null VL - 1 JA - Advanced Information Networking and Applications Workshops, International Conference on ER -

Akira Yamada, KDDI R&D Laboratories Inc., Japan

Yutaka Miyake, KDDI R&D Laboratories Inc., Japan

Keisuke Takemori, KDDI R&D Laboratories Inc., Japan

Ahren Studer, Carnegie Mellon University

Adrian Perrig, Carnegie Mellon University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/AINAW.2007.212

As various services are provided as web applications, attacks against web applications constitute a serious problem. Intrusion Detection Systems (IDSes) are one solution, however, these systems do not work effectively when the accesses are encrypted by protocols. Because the IDSes inspect the contents of a packet, it is difficult to find attacks by the current IDS. This paper presents a novel approach to anomaly detection for encrypted web accesses. This approach applies encrypted traffic analysis to intrusion detection, which analyzes contents of encrypted traffic using only data size and timing without decryption. First, the system extracts information from encrypted traffic, which is a set comprising data size and timing for each web client. Second, the accesses are distinguished based on similarity of the information and access frequencies are calculated. Finally, malicious activities are detected according to rules generated from the frequency of accesses and characteristics of HTTP traffic. The system does not extract private information or require enormous pre-operation beforehand, which are needed in conventional encrypted traffic analysis. We show that the system detects various attacks with a high degree of accuracy, adopting an actual dataset gathered at a gateway of a network and the DARPA dataset.

Citation:

Akira Yamada, Yutaka Miyake, Keisuke Takemori, Ahren Studer, Adrian Perrig, "Intrusion Detection for Encrypted Web Accesses," ainaw, vol. 1, pp.569-576, 21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.