Towards a Near-Real-Time Protocol Tunneling Detector Based on Machine Learning Techniques-Reference-Cited by-同舟云学术

Towards a Near-Real-Time Protocol Tunneling Detector Based on Machine Learning Techniques

Published:2023-11-06 Issue:4 Volume:3 Page:794-807
ISSN:2624-800X
Container-title:Journal of Cybersecurity and Privacy
language:en
Short-container-title:JCP

Author:

Sobrero Filippo¹,Clavarezza Beatrice¹,Ucci Daniele¹^ORCID,Bisio Federica¹

Affiliation:

1. aizoOn Technology Consulting, 10146 Turin, Italy

Abstract

In the very recent years, cybersecurity attacks have increased at an unprecedented pace, becoming ever more sophisticated and costly. Their impact has involved both private/public companies and critical infrastructures. At the same time, due to the COVID-19 pandemic, the security perimeters of many organizations expanded, causing an increase in the attack surface exploitable by threat actors through malware and phishing attacks. Given these factors, it is of primary importance to monitor the security perimeter and the events occurring in the monitored network, according to a tested security strategy of detection and response. In this paper, we present a protocol tunneling detector prototype which inspects, in near real-time, a company’s network traffic using machine learning techniques. Indeed, tunneling attacks allow malicious actors to maximize the time in which their activity remains undetected. The detector monitors unencrypted network flows and extracts features to detect possible occurring attacks and anomalies by combining machine learning and deep learning. The proposed module can be embedded in any network security monitoring platform able to provide network flow information along with its metadata. The detection capabilities of the implemented prototype have been tested both on benign and malicious datasets. Results show an overall accuracy of 97.1% and an F1-score equal to 95.6%.

Publisher

MDPI AG

Subject

General Earth and Planetary Sciences,General Environmental Science

Link

https://www.mdpi.com/2624-800X/3/4/35/pdf

Reference40 articles.

1. (2023, February 06). ENISA Threat Landscape 2022. Available online: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2022.

2. Cost of a Data Breach (2023, February 06). A Million-Dollar Race to Detect and Respond. Available online: https://www.ibm.com/reports/data-breach.

3. (2023, February 06). The SolarWinds Cyber-Attack: What You Need to Know. Available online: https://www.cisecurity.org/solarwinds.

4. (2023, February 06). 7 Top Trends in Cybersecurity for 2022. Available online: https://www.gartner.com/en/articles/7-top-trends-in-cybersecurity-for-2022.

5. Survey of machine learning techniques for malware analysis;Ucci;Comput. Secur.,2019

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. GraphTunnel: Robust DNS Tunnel Detection Based on DNS Recursive Resolution Graph;IEEE Transactions on Information Forensics and Security;2024