Fighting TLS Attacks: an Autoencoder-based Model for Heartbleed Attack Detection / Berbecaru, Diana; Giannuzzi, Stefano. - ELECTRONIC. - 1138:(2024), pp. 40-54. (Paper presented at The 16th International Symposium on Intelligent Distributed Computing, held in Hamburg (DEU), 13 - 15 September 2023) [10.1007/978-3-031-60023-4_9].
Fighting TLS Attacks: an Autoencoder-based Model for Heartbleed Attack Detection
Berbecaru, Diana; Giannuzzi, Stefano
2024
Abstract
The increase in connectivity capabilities, resources, and data availability has undoubtedly brought many advantages in gaining access to services quickly. At the same time, it has also made possible numerous and sophisticated cybersecurity attacks affecting companies, national infrastructures, organizations, and, ultimately, users across the globe. Some cyberattacks, namely zero-day attacks, are difficult to counter because by the time such attacks are discovered and countermeasures are implemented and deployed, other unknown attack variants might occur. Thus, in recent years, anomaly-based Intrusion Detection Systems (IDS) using machine learning (ML) and deep learning (DL) techniques have been proposed to mitigate such attacks, namely "unknown" attacks. An anomaly-based IDS performs traffic analysis by exploiting supervised or unsupervised ML and DL algorithms, and raises alerts if a suspicious pattern is encountered. In this paper, we used an anomaly-based security attack detection model exploiting the unsupervised ML autoencoder model to detect variants of the Heartbleed attack affecting the famous Transport Layer Security (TLS) protocol. By using the CIC-IDS2017 dataset and a custom Heartbleed dataset, we evaluate our model for detecting the Heartbleed attack. The results are encouraging, since the proposed autoencoder-based model recognizes Heartbleed TLS anomalies and distinguishes them from benign traffic in 85% of the tested cases.
https://hdl.handle.net/11583/2987308