Published January 26, 2021 | Version v1
Journal article Open

Acceleration of Intrusion Detection in Encrypted Network Traffic Using Heterogeneous Hardware

  • 1. Institute of Computer Science, Foundation for Research and Technology—Hellas (FORTH)

Description

More than 75% of Internet traffic is now encrypted, and this percentage is constantly increasing. The majority of communications are secured using common encryption protocols such as SSL/TLS and IPsec to ensure security and protect the privacy of Internet users. However, encryption can be exploited to hide malicious activities, camouflaged as normal network traffic. Traditionally, network traffic inspection is based on techniques like deep packet inspection (DPI). Common applications for DPI include but are not limited to firewalls, intrusion detection and prevention systems, L7 filtering, and packet forwarding. With the widespread adoption of network encryption, however, DPI tools that rely on packet payload content are becoming less effective, demanding the development of more sophisticated techniques that adapt to current network encryption trends. In this work, we present HeaderHunter, a fast signature-based intrusion detection system that works even on encrypted network traffic. We generate signatures using only network packet metadata extracted from packet headers. In addition, we examine the processing acceleration of the intrusion detection engine using different heterogeneous hardware architectures.

Notes

The authors would like to thank the anonymous reviewers and the editor. This work was supported by the projects CONCORDIA, CyberSANE, I-BIDAAS, C4IIOT, and SPIDER, funded by the European Commission under Grant Agreements No. 830927, No. 833683, No. 780787, No. 833828, and No. 833685. This publication reflects the views only of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein.

Files

sensors-21-01140-v3.pdf

Files (2.1 MB)

md5:3fcf0816d49c64ca8f6d410170bd6993

Additional details

Funding

CONCORDIA – Cyber security cOmpeteNCe fOr Research anD InnovAtion 830927
European Commission
I-BiDaaS – Industrial-Driven Big Data as a Self-Service Solution 780787
European Commission
CyberSANE – Cyber Security Incident Handling, Warning and Response System for the European Critical Infrastructures 833683
European Commission
SPIDER – a cyberSecurity Platform for vIrtualiseD 5G cybEr Range services 833685
European Commission