On Detecting Anomalous TLS Connections with Artificial Intelligence Models / Berbecaru, Diana Gratiela; Giannuzzi, Stefano. - ELECTRONIC. - (2024), pp. 1-6. (Paper presented at the conference ISCC-2024: IEEE Symposium on Computers and Communications, held in Paris (FRA), 26-29 June 2024) [10.1109/ISCC61673.2024.10733669].
On Detecting Anomalous TLS Connections with Artificial Intelligence Models
Berbecaru, Diana Gratiela; Giannuzzi, Stefano
2024
Abstract
In recent years, anomaly-based intrusion detection systems using machine learning (ML) and deep learning techniques have started to be developed to mitigate cybersecurity attacks. An anomaly-based intrusion detection system performs traffic analysis by exploiting supervised or unsupervised ML algorithms and raises alerts if a suspicious pattern is encountered. In this paper, we exploit the Autoencoder neural network model to detect variants of a very famous attack discovered in 2014, namely Heartbleed. The attack was caused by an implementation flaw in the OpenSSL library, widely used in web servers, database systems, or e-mail servers to support the Transport Layer Security (TLS) protocol. To evaluate our model, we exploited the CIC-IDS2017 dataset and a custom one created on purpose. The proposed model recognized the anomalous TLS connections containing variants of the Heartbleed attack and distinguished them from the benign traffic in 85% of the cases.

File | Type | License | Size | Format |
---|---|---|---|---|
On_Detecting_Anomalous_TLS_Connections_with_Artificial_Intelligence_Models.pdf (not available) | 2a Post-print publisher's version / Version of Record | Not public - private/restricted access | 480.91 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/11583/2991693