Litcius/Paper detail

Detection of HTTPS Brute-Force Attacks with Packet-Level Feature Set

Jan Luxemburk, Karel Hynek, Tomáš Čejka

202118 citationsDOI

Abstract

This paper presents a novel approach to detect brute-force attacks against web services in high-speed networks. The prevalence of brute-force attacks is so high that service providers, such as ISPs or web-hosting providers, cannot depend on their customers' host-based defenses. Moreover, the rising usage of encryption makes it more difficult to detect attacks on the network level. In our research, we created a dataset, which consists of 1.8 million extended IP flows from a backbone network combined with IP flows generated with three popular open-source brute-forcing tools. We identified a distinctive packet-level feature set and trained a machine-learning classifier with a false positive rate of 10 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">-4</sup> and a true positive rate (the ratio of discovered attacks) of 0.938. The achieved results surpass the state-of-the-art solutions and show that the developed HTTPS brute-force detection algorithm is viable for production deployment.

Topics & Concepts

Brute-force attackComputer scienceBrute forceNetwork packetBotnetDenial-of-service attackEncryptionFeature (linguistics)False positive rateSet (abstract data type)Classifier (UML)Software deploymentComputer securityComputer networkData miningArtificial intelligenceThe InternetWorld Wide WebOperating systemLinguisticsPhilosophyProgramming languageInternet Traffic Analysis and Secure E-votingNetwork Security and Intrusion DetectionAdvanced Malware Detection Techniques