Top

Published in:

2024 | OriginalPaper | Chapter

Cyber Attack Detection with Encrypted Network Connection Analysis

Authors : Serkan Gonen, Gokce Karacayilmaz, Harun Artuner, Mehmet Ali Bariskan, Ercan Nurcan Yilmaz

Published in: Advances in Intelligent Manufacturing and Service System Informatics

Publisher: Springer Nature Singapore

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The chapter delves into the JA3 fingerprinting method developed by Salesforce, highlighting its lightweight nature and high accuracy in detecting malicious samples. It discusses the method's ability to prevent DNS Over HTTPS (DoH) attacks and provides a detailed case study on detecting a Meterpreter session using the JA3 and JA3s fingerprinting techniques. The study underscores the method's effectiveness in identifying anomalous SSL/TLS connections and its potential in enhancing network security in static networks with IoT/IIoT devices. The chapter concludes by emphasizing the importance of such methods in the face of evolving cyber-attack techniques and the need for robust encryption analysis tools.

AI Generated

This summary of the content was generated with the help of AI.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter A Decision Support System Design Proposal for Agricultural Planning

next chapter Blockchain Enabled Lateral Transshipment System for the Redistribution of Unsold Textile Products in a Circular Economy

Althouse, J.: Open Sourcing JA3 SSL/TLS Client Fingerprinting for Malware Detection. Şubat, Erişim (2022). https://engineering.salesforce.com/open-sourcing-ja3-92c9e53c3c41

Althouse, J., Atkinson, J. ve Atkins, J.: “Salesforce/ja3”, Şubat, Erişim (2022). https://github.com/salesforce/ja3

Eric, R.: RFC 8446 – The Transport Layer Security (TLS) Protocol Version 1.3. Şubat, Erişim (2022). https://datatracker.ietf.org/doc/rfc8446/.

Kane, W.A., Vlach, T., Luks, R.: Encrypted traffic analysis. flowmon, 2019D. In: Sarunyagate (ed.), Lasers. McGraw-Hill, New York (1996)

Suricata. 6.17. “JA3 Keywords — Suricata 6.0.4 documentation.”, Şubat 2022, Erişim: https://suricata.readthedocs.io/en/suricata-6.0.4/rules/ja3-keywords.html.K. Schwalbe, Information Technology Project Management, 3rd ed. Course Technology, Boston (2004)

Telesoft. JA3 Fingerprinting: Encrypted Thread Detection. (2020)

Matoušek, P., Burgetová, I., Ryšavý, O., Victor, M.: On reliability of JA3 hashes for fingerprinting mobile applications. In: Goel, S., Gladyshev, P., Johnson, D., Pourzandi, M., Majumdar, S. (eds.) Digital Forensics and Cyber Crime: 11th EAI International Conference, ICDF2C 2020, Boston, MA, USA, 15–16 Oct 2020, Proceedings, pp. 1–22. Springer International Publishing, Cham (2021). https://doi.org/10.1007/978-3-030-68734-2_1CrossRef

Hejcman, L.: Fingerprinting and Identification of TLS Connections.

Deri, L., Fusco, F.: Using deep packet inspection in CyberTraffic analysis. In: 2021 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 89–94. IEEE (2021)

10.

Choi, J.S.: DNS over HTTPS (DoH) (2021)

11.

Karaçay, L., Savaş, E., Alptekin, H.: Intrusion detection over encrypted network data. The Comput. J. 63(4), 604–619 (2019). https://doi.org/10.1093/comjnl/bxz111MathSciNetCrossRef

12.

Fu, Z., et al.: Encrypted malware traffic detection via graph-based network analysis. In: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses, pp. 495–509. Presented at the Limassol, Cyprus (2022). https://doi.org/10.1145/3545948.3545983

13.

Shen, M., et al.: Machine learning-powered encrypted network traffic analysis: a comprehensive survey. IEEE Commun. Surv. Tutorials 25(1), 791–824 (2023). https://doi.org/10.1109/COMST.2022.3208196CrossRef

Title: Cyber Attack Detection with Encrypted Network Connection Analysis
Authors: Serkan Gonen
Gokce Karacayilmaz
Harun Artuner
Mehmet Ali Bariskan
Ercan Nurcan Yilmaz
Publisher: Springer Nature Singapore
Book: Advances in Intelligent Manufacturing and Service System Informatics
Print ISBN: 978-981-9960-61-3

Electronic ISBN: 978-981-9960-62-0

Copyright Year: 2024
DOI: https://doi.org/10.1007/978-981-99-6062-0_57

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"