Detection of SSL/TLS protocol attacks based on flow spectrum theory


Bibliographic Details
Main Authors: Shize GUO, Fan ZHANG, Zhuoxue SONG, Ziming ZHAO, Xinjie ZHAO, Xiaojuan WANG, Xiangyang LUO
Format: Article
Language: English
Published: POSTS&TELECOM PRESS Co., LTD 2022-02-01
Series:网络与信息安全学报
Online Access:http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2022004
Description: Network attack detection plays a vital role in network security. Existing detection approaches focus on typical attack behaviors, such as botnets and SQL injection. The widespread use of the SSL/TLS encryption protocol has given rise to emerging attack strategies against the SSL/TLS protocol itself. Using a network traffic collection environment built upon implementations of popular SSL/TLS attacks, a network traffic dataset including four SSL/TLS attacks as well as benign flows was collected. To address the limited observability of existing detection methods and the limited separability of flows in the original spatiotemporal domain, a flow spectrum theory was proposed that maps threat behavior in cyberspace from the original spatiotemporal domain to a transformed domain through a process of “potential change”, yielding a “potential variation spectrum”. The flow spectrum theory is based on a set of separable and observable feature representations that enable efficient analysis of network flows. The key to applying flow spectrum theory to actual cyberspace threat behavior detection is finding the potential basis matrix for a specific threat network flow under a given transformation operator. Since the SSL/TLS handshake phase has a strong timing relationship and state transition process, and some SSL/TLS attacks resemble one another, detecting SSL/TLS attacks requires considering not only timing context information but also a highly separable representation of TLS network flows. Based on the flow spectrum theory, the threat template idea was used to extract the potential basis matrix, and a potential basis mapping based on long short-term memory (LSTM) units was used to map SSL/TLS attack network flows into the flow spectrum domain. On the self-built SSL/TLS attack network flow dataset, the validity of the flow spectrum theory is verified by means of classification performance comparison, dimensionality-reduction visualization of the potential variation spectrum, threat behavior feature weight evaluation, threat behavior spectrum division assessment, and heatmap visualization of the potential variation basis matrix.
ISSN: 2096-109X
Subjects: SSL/TLS attacks; network traffic detection; flow spectrum theory; long short-term memory