Abiola Abimbola
NetHost-Sensor: Investigating the capture of end-to-end encrypted intrusive data
Abimbola, Abiola; Munoz, Jose; Buchanan, William J
Abstract
Intrusion Detection Systems (IDSs) are systems that protect against violation of data integrity, confidentiality and availability of resources. In the past 20 years, these systems have evolved with the technology and have become more sophisticated. Despite these advances, IDS is still an immature field, and the benefits obtained from detecting end-to-end encrypted attacks justify the need for more research.
This paper presents possible advantages of an IDS that uses a target host's kernel as its audit source for intrusion analysis against specific attacks. In addition, we describe our research experience in determining the layer, within the protocol stack of a target host, at which decrypted data can be captured for intrusion detection. It then examines how to capture decrypted data while communicating via an End-to-End (ETE) encryption channel. The paper proceeds to discuss our methodology using network communication driver interfaces, describes our investigative experimental procedures and presents our experimental results. Finally, it discusses the methodology of our future research: modelling HTTP network data via a procedure analysis technique to reduce the false positive rate of attacks.
Citation
Abimbola, A., Munoz, J., & Buchanan, W. J. (2006). NetHost-Sensor: Investigating the capture of end-to-end encrypted intrusive data. Computers and Security, 25(6), 445-451. https://doi.org/10.1016/j.cose.2006.04.001
Journal Article Type | Article |
---|---|
Publication Date | 2006-09 |
Deposit Date | May 26, 2008 |
Print ISSN | 0167-4048 |
Publisher | Elsevier |
Peer Reviewed | Peer Reviewed |
Volume | 25 |
Issue | 6 |
Pages | 445-451 |
DOI | https://doi.org/10.1016/j.cose.2006.04.001 |
Keywords | Intrusion detection systems; IDS; End-to-end encryption attack; kernel mode; Network communication; Driver interfaces; HTTP network; Procedure analysis; Attack detection |
Public URL | http://researchrepository.napier.ac.uk/id/eprint/1768 |
Publisher URL | http://dx.doi.org/10.1016/j.cose.2006.04.001 |