Detecting block ciphers generic attacks: An instance-based machine learning method

Abstract

Cryptography facilitates selective communication through encryption of messages and or data. Block-cipher processing is one of the prominent methods for modern cryptographic symmetric encryption schemes. The rise in attacks on block-ciphers led to the development of more difficult encryption schemes. However, attackers decrypt block-ciphers through generic attacks given sufficient time and computing. Recent research had applied machine learning classification algorithms to develop intrusion detection systems to detect multiple types of attacks. These intrusion detection systems are limited by misclassifying generic attacks and suffer reduced effectiveness when evaluated for detecting generic attacks only. Hence, this study introduced and proposed k-nearest neighbors, an instance-based machine learning classification algorithm, for the detection of generic attacks on block-ciphers. The value of k was varied (i.e., 1, 3, 5, 7, and 9) and multiple nearest neighbors classification models were developed and evaluated using two distance functions (i.e., Manhattan and Euclidean) for classifying between generic attacks and normal network packets. All nearest neighbors models using the Manhattan distance function performed better than their Euclidean counterparts. The 1-nearest neighbor (Manhattan distance function) model had the highest overall accuracy of 99.6%, a generic attack detection rate of 99.5% which tallies with the 5, 7, and 9 nearest neighbors models, and a false alarm rate of 0.0003 which is the same for all Manhattan nearest neighbors classification models. These instance-based methods performed better than some existing methods that even implemented an ensemble of deep-learning algorithms. Therefore, an instance-based method is recommended for detecting block-ciphers generic attacks.