iDeFEND: Intrusion Detection Framework for Encrypted Network Data

Proceedings of the 14th International Conference on Cryptology and Network Security (CANS 2015)

Authors: Fatih Kilic and Claudia Eckert
Year: 2015
Booktitle: Proceedings of the 14th International Conference on Cryptology and Network Security (CANS 2015)
Volume: 9476
Series: Lecture Notes in Computer Science
Pages: 111-118
Publisher: Springer International Publishing
Keywords: Network security; Reverse engineering; Intrusion detection
ISBN: 978-3-319-26822-4
URL: http://dx.doi.org/10.1007/978-3-319-26823-1_8

Abstract

Network Intrusion Detection Systems have been used for many years to inspect network data and to detect intruders. Nowadays, encryption is used more and more often to protect the confidentiality of network data. When end-to-end encryption is applied, Network Intrusion Detection Systems are blind and cannot protect against attacks. In this paper we present iDeFEND, a framework for inspecting encrypted network data without breaking the security model of end-to-end encryption. Our approach does not require any source code of the involved applications and thereby also protects closed-source applications. Our framework works independently of the utilized encryption key. We present two use cases showing how our framework can detect intruders by analysing the network data and how we can test remote applications with network data encryption enabled. To achieve this, iDeFEND detects the relevant functions in the target application, extracts the data and subsequently inspects it. To test remote applications, iDeFEND intercepts and injects user-controlled data into the application. Finally, we have implemented our framework to show the feasibility of our approach.

Bibtex:

@incollection{Kilic_iDeFEND,
  author    = {Fatih Kilic and Claudia Eckert},
  title     = {iDeFEND: Intrusion Detection Framework for Encrypted Network Data},
  year      = {2015},
  booktitle = {Proceedings of the 14th International Conference on Cryptology and Network Security (CANS 2015)},
  volume    = {9476},
  series    = {Lecture Notes in Computer Science},
  pages     = {111--118},
  publisher = {Springer International Publishing},
  keywords  = {Network security; Reverse engineering; Intrusion detection},
  isbn      = {978-3-319-26822-4},
  url       = {http://dx.doi.org/10.1007/978-3-319-26823-1_8},
}