NetHost-Sensor: Investigating the capture of end-to-end encrypted intrusive data.

Abimbola, Abiola, Munoz, Jose and Buchanan, William J (2006) NetHost-Sensor: Investigating the capture of end-to-end encrypted intrusive data. Computers & Security, 25 (6). pp. 445-451. ISSN 0167 4048

PDF (359kB): restricted to registered users only.
Available under License Creative Commons Attribution Non-commercial.


    Intrusion Detection Systems (IDSs) are systems that protect against violation of data integrity, confidentiality and availability of resources. In the past 20 years, these systems have evolved with the technology and have become more sophisticated. Despite these advances, IDS is still an immature field, and the benefits obtained from detecting end-to-end encrypted attacks justify the need for more research.

    This paper presents possible advantages of an IDS that uses a target host's kernel as its audit source for intrusion analysis against specific attacks. In addition, we describe our research experience in determining the layer, within the protocol stack of a target host, at which decrypted data can be captured for intrusion detection. It then examines how to capture decrypted data while communicating via an End-to-End (ETE) encryption channel. The paper goes on to discuss our methodology using network communication driver interfaces and our investigative experimental procedures, and presents our experimental results. Finally, we discuss the methodology of our future research: modelling HTTP network data via a procedure analysis technique to reduce the false positive rate of attacks.

    Item Type: Article
    Print ISSN: 0167 4048
    Uncontrolled Keywords: Intrusion detection systems; IDS; End-to-end encryption attack; kernel mode; Network communication; Driver interfaces; HTTP network; Procedure analysis; Attack detection
    University Divisions/Research Centres: Faculty of Engineering, Computing and Creative Industries > School of Computing
    Dewey Decimal Subjects: 000 Computer science, information & general works > 000 Computer science, knowledge & systems > 005 Computer programming, programs & data
    Library of Congress Subjects: Q Science > QA Mathematics > QA76 Computer software
    Item ID: 1768
    Depositing User: RAE Import
    Date Deposited: 26 May 2008 10:18
    Last Modified: 21 Mar 2013 13:34


    Edinburgh Napier University is a registered Scottish charity. Registration number SC018373