Cyber Attack Detection with Encrypted Network Connection Analysis


Gönen S., Karacayilmaz G., Artuner H., Barışkan M. A., Yılmaz E. N.

12th International Symposium on Intelligent Manufacturing and Service Systems, IMSS 2023, İstanbul, Türkiye, 26 - 28 Mayıs 2023, ss.622-629 identifier

  • Yayın Türü: Bildiri / Tam Metin Bildiri
  • Doi Numarası: 10.1007/978-981-99-6062-0_57
  • Basıldığı Şehir: İstanbul
  • Basıldığı Ülke: Türkiye
  • Sayfa Sayıları: ss.622-629
  • Anahtar Kelimeler: Continious Monitoring, Cryptography, Cyber Security, Finger Print, JA3, Network, TLS
  • İstanbul Gelişim Üniversitesi Adresli: Evet

Özet

The evolution of science and technology has led to increasingly complex cyber security threats, with advanced evasion techniques and encrypted communication channels making attacks harder to detect. While encryption has improved privacy and confidentiality for users, it has also provided a new avenue for attackers to exploit. Traditional intrusion detection systems, which transitioned from signature-based to behavior-based approaches, have struggled to keep up with these challenges. To address this issue, researchers have turned to continuous system monitoring and network traffic packet analysis. However, this method can be resource-intensive and time-consuming, particularly when analyzing encrypted packets. In this study, the JA3 fingerprint infrastructure was examined as a potential solution for quickly detecting attacks conducted over encrypted sessions while minimizing system downtime and damage. The results demonstrated that the JA3 infrastructure effectively detected attacks carried out via encrypted channels. Although Windows 10 and Kali 2020.4 operating systems were used as the victim and attacker systems respectively, the methodology can be applied to other operating systems and network hardware by following the outlined steps. This research is expected to make a significant contribution to the field of encryption-based attack prevention.