Open Access  Subscription or Fee Access

The unbridled growth of the Internet and the network-based applications has contributed to enormous security leaks. Even the cryptographic protocols [1], which are used to provide secure communication, are often targeted by diverse attacks. Intrusion detection systems (IDSs) [2] are often employed to monitor network traffic and host[3] activities that may lead to unauthorized accesses and attacks against vulnerable services. To combat against attacks on encrypted protocols [4], we propose an anomaly-based detection system by using strategically distributed monitoring stubs (MSs) [5].. Upon detecting suspicious activities due to the deviations from these normal profiles, the MSs notify the victim servers, which may then take necessary actions.

SSL, TLS, IDS, MS, SSH, VPN.

D. Bleichenbacher, “Chosen Ciphertext attacks against protocols based on the RSA encryption standard PKCS #1,” in Proc. 18th Annu. Int. Cryptol. Conf., Santa Barbara, CA, Aug. 1998, pp. 1–12.

D. Brumley and D. Boneh, “Remote timing attacks are practical,” in Proc. 12th USENIX Security Symp.,Washington, DC, Aug. 2003, p. 1.

“OpenSSH PAM timing attacks,” 2006 [Online]. Available: http://securityvulns. com/news2789.html

S. P. Joglekar and S. R. Tate, “ProtoMon: Embedded monitors for cryptographic protocol intrusion detection and prevention,” J. Universal Comput. Sci., vol. 11, no. 1, pp. 83–103, Jan. 2005.

Smurf IP denial-of-service attacks,” CERT Advisory CA-1998-01, 1998 Available: http://www.cert.org/advisories/CA-1998-01. html