Cyber Attack Detection with Encrypted Network Connection Analysis
Küçük Resim Yok
Tarih
2024
Dergi Başlığı
Dergi ISSN
Cilt Başlığı
Yayıncı
Springer Science and Business Media Deutschland GmbH
Erişim Hakkı
info:eu-repo/semantics/closedAccess
Özet
The evolution of science and technology has led to increasingly complex cyber security threats, with advanced evasion techniques and encrypted communication channels making attacks harder to detect. While encryption has improved privacy and confidentiality for users, it has also provided a new avenue for attackers to exploit. Traditional intrusion detection systems, which transitioned from signature-based to behavior-based approaches, have struggled to keep up with these challenges. To address this issue, researchers have turned to continuous system monitoring and network traffic packet analysis. However, this method can be resource-intensive and time-consuming, particularly when analyzing encrypted packets. In this study, the JA3 fingerprint infrastructure was examined as a potential solution for quickly detecting attacks conducted over encrypted sessions while minimizing system downtime and damage. The results demonstrated that the JA3 infrastructure effectively detected attacks carried out via encrypted channels. Although Windows 10 and Kali 2020.4 operating systems were used as the victim and attacker systems respectively, the methodology can be applied to other operating systems and network hardware by following the outlined steps. This research is expected to make a significant contribution to the field of encryption-based attack prevention. © 2024, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Açıklama
12th International Symposium on Intelligent Manufacturing and Service Systems, IMSS 2023 -- 26 May 2023 through 28 May 2023 -- Istanbul -- 302369
Anahtar Kelimeler
Continious Monitoring; Cryptography; Cyber Security; Finger Print; JA3; Network; TLS
Kaynak
Lecture Notes in Mechanical Engineering
WoS Q Değeri
Scopus Q Değeri
Q4
