iDeFEND: Intrusion detection framework for encrypted network data

Fatih Kilic; Claudia Eckert

doi:10.1007/978-3-319-26823-1_8

iDeFEND: Intrusion detection framework for encrypted network data

Fatih Kilic, Claudia Eckert

Informatics 20 - Chair of IT Security

Technical University of Munich

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Scopus citations

Abstract

Network Intrusion Detection Systems have been used for many years to inspect network data and to detect intruders. Nowadays, more and more often encryption is used to protect the confidentiality of network data. When end-to-end encryption is applied, Network Intrusion Detection Systems are blind and can not protect against attacks. In this paper we present iDeFEND, a framework for inspecting encrypted network data without breaking the security model of end-to-end encryption. Our approach does not require any source code of the involved applications and thereby also protects closed source applications. Our framework works independently of the utilized encryption key. We present two use cases how our framework can detect intruders by analysing the network data and how we can test remote applications with enabled network data encryption. To achieve this iDeFEND detects the relevant functions in the target application, extracts and subsequently inspects the data. To test remote applications iDeFEND intercepts and injects user controlled data into the application to test remote applications. Finally we have implemented our framework to show the feasibility of our approach.

Original language	English
Title of host publication	Cryptology and Network Security - 14th International Conference, CANS 2015, Proceedings
Editors	Michael Reiter, David Naccache
Publisher	Springer Verlag
Pages	111-118
Number of pages	8
ISBN (Print)	9783319268224
DOIs	https://doi.org/10.1007/978-3-319-26823-1_8
State	Published - 2015
Event	14th International Conference on Cryptology and Network Security, CANS 2015 - Marrakesh, Morocco Duration: 10 Dec 2015 → 12 Dec 2015

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9476
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	14th International Conference on Cryptology and Network Security, CANS 2015
Country/Territory	Morocco
City	Marrakesh
Period	10/12/15 → 12/12/15

Keywords

Intrusion detection
Network security
Reverse engineering

Access to Document

10.1007/978-3-319-26823-1_8

Cite this

Kilic, F., & Eckert, C. (2015). iDeFEND: Intrusion detection framework for encrypted network data. In M. Reiter, & D. Naccache (Eds.), Cryptology and Network Security - 14th International Conference, CANS 2015, Proceedings (pp. 111-118). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9476). Springer Verlag. https://doi.org/10.1007/978-3-319-26823-1_8

Kilic, Fatih ; Eckert, Claudia. / iDeFEND : Intrusion detection framework for encrypted network data. Cryptology and Network Security - 14th International Conference, CANS 2015, Proceedings. editor / Michael Reiter ; David Naccache. Springer Verlag, 2015. pp. 111-118 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{1de8334002334aae9f1bd8e81064e145,

title = "iDeFEND: Intrusion detection framework for encrypted network data",

abstract = "Network Intrusion Detection Systems have been used for many years to inspect network data and to detect intruders. Nowadays, more and more often encryption is used to protect the confidentiality of network data. When end-to-end encryption is applied, Network Intrusion Detection Systems are blind and can not protect against attacks. In this paper we present iDeFEND, a framework for inspecting encrypted network data without breaking the security model of end-to-end encryption. Our approach does not require any source code of the involved applications and thereby also protects closed source applications. Our framework works independently of the utilized encryption key. We present two use cases how our framework can detect intruders by analysing the network data and how we can test remote applications with enabled network data encryption. To achieve this iDeFEND detects the relevant functions in the target application, extracts and subsequently inspects the data. To test remote applications iDeFEND intercepts and injects user controlled data into the application to test remote applications. Finally we have implemented our framework to show the feasibility of our approach.",

keywords = "Intrusion detection, Network security, Reverse engineering",

author = "Fatih Kilic and Claudia Eckert",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 14th International Conference on Cryptology and Network Security, CANS 2015 ; Conference date: 10-12-2015 Through 12-12-2015",

year = "2015",

doi = "10.1007/978-3-319-26823-1_8",

language = "English",

isbn = "9783319268224",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "111--118",

editor = "Michael Reiter and David Naccache",

booktitle = "Cryptology and Network Security - 14th International Conference, CANS 2015, Proceedings",

}

Kilic, F & Eckert, C 2015, iDeFEND: Intrusion detection framework for encrypted network data. in M Reiter & D Naccache (eds), Cryptology and Network Security - 14th International Conference, CANS 2015, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9476, Springer Verlag, pp. 111-118, 14th International Conference on Cryptology and Network Security, CANS 2015, Marrakesh, Morocco, 10/12/15. https://doi.org/10.1007/978-3-319-26823-1_8

iDeFEND: Intrusion detection framework for encrypted network data. / Kilic, Fatih; Eckert, Claudia.
Cryptology and Network Security - 14th International Conference, CANS 2015, Proceedings. ed. / Michael Reiter; David Naccache. Springer Verlag, 2015. p. 111-118 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9476).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - iDeFEND

T2 - 14th International Conference on Cryptology and Network Security, CANS 2015

AU - Kilic, Fatih

AU - Eckert, Claudia

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - Network Intrusion Detection Systems have been used for many years to inspect network data and to detect intruders. Nowadays, more and more often encryption is used to protect the confidentiality of network data. When end-to-end encryption is applied, Network Intrusion Detection Systems are blind and can not protect against attacks. In this paper we present iDeFEND, a framework for inspecting encrypted network data without breaking the security model of end-to-end encryption. Our approach does not require any source code of the involved applications and thereby also protects closed source applications. Our framework works independently of the utilized encryption key. We present two use cases how our framework can detect intruders by analysing the network data and how we can test remote applications with enabled network data encryption. To achieve this iDeFEND detects the relevant functions in the target application, extracts and subsequently inspects the data. To test remote applications iDeFEND intercepts and injects user controlled data into the application to test remote applications. Finally we have implemented our framework to show the feasibility of our approach.

AB - Network Intrusion Detection Systems have been used for many years to inspect network data and to detect intruders. Nowadays, more and more often encryption is used to protect the confidentiality of network data. When end-to-end encryption is applied, Network Intrusion Detection Systems are blind and can not protect against attacks. In this paper we present iDeFEND, a framework for inspecting encrypted network data without breaking the security model of end-to-end encryption. Our approach does not require any source code of the involved applications and thereby also protects closed source applications. Our framework works independently of the utilized encryption key. We present two use cases how our framework can detect intruders by analysing the network data and how we can test remote applications with enabled network data encryption. To achieve this iDeFEND detects the relevant functions in the target application, extracts and subsequently inspects the data. To test remote applications iDeFEND intercepts and injects user controlled data into the application to test remote applications. Finally we have implemented our framework to show the feasibility of our approach.

KW - Intrusion detection

KW - Network security

KW - Reverse engineering

UR - http://www.scopus.com/inward/record.url?scp=84952683090&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-26823-1_8

DO - 10.1007/978-3-319-26823-1_8

M3 - Conference contribution

AN - SCOPUS:84952683090

SN - 9783319268224

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 111

EP - 118

BT - Cryptology and Network Security - 14th International Conference, CANS 2015, Proceedings

A2 - Reiter, Michael

A2 - Naccache, David

PB - Springer Verlag

Y2 - 10 December 2015 through 12 December 2015

ER -

Kilic F, Eckert C. iDeFEND: Intrusion detection framework for encrypted network data. In Reiter M, Naccache D, editors, Cryptology and Network Security - 14th International Conference, CANS 2015, Proceedings. Springer Verlag. 2015. p. 111-118. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-26823-1_8

iDeFEND: Intrusion detection framework for encrypted network data

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this