Detection of distributed denial-of-service attacks in encrypted network traffic

Full description

Context: Distributed denial-of-service attacks have existed for two decades, and various strategies have been developed over the years to combat their growing volume. Application-layer attacks are becoming more common and are harder to detect. Current detection methods analyze traffic features; in SSL/TLS traffic the packet payload is encrypted and cannot be inspected. Objective: The thesis surveys the current state of DDoS detection in SSL/TLS-encrypted traffic and presents a K-means++ clustering-based detection method together with simulation results that are comparable with the previous literature. Methods: The author conducted a light systematic mapping study by searching common computer science literature databases, and ran experiments with the clustering-based method in a virtual network. Results: The mapping study found that existing detection methods concentrate on clustering-based and statistical anomaly detection. In the denial-of-service simulations, the K-means++ method detected trivial DDoS attacks with near 100% accuracy. The quality of the dataset was found to be important when comparing results. Conclusion: The mapping study revealed areas of encrypted denial-of-service research where more work is needed compared with the non-encrypted counterpart.
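The abstract's premise is that TLS hides the payload, so detection has to work on per-source traffic features and cluster them. The following is an added example written for this page, not the thesis's own code: per-source aggregates from a clean window are clustered with K-means++ (implemented inline, no library), a radius around the centroids is calibrated on that same window, and sources in a later window that fall outside it are flagged. The feature set, k=2, the log/z-scaling, the 1.5x margin, and every address and byte count are this example's own assumptions and constructed data.

```python
"""Payload-agnostic DDoS detection on TLS flow features (added example, not the
thesis's code). A clean window is clustered with K-means++; later sources far
from every centroid are flagged. Features, k, scaling, margin: assumptions."""
import math
import random

WINDOW_SECONDS = 10.0

# Constructed per-source aggregates for one 10 s window (not captured data):
# (src_ip, TLS connections, client->server bytes, server->client bytes,
#  mean connection duration in s). All are visible without decrypting TLS.
BASELINE = [
    ("10.0.0.11", 9, 71_000, 812_000, 2.1), ("10.0.0.12", 14, 96_000, 1_450_000, 1.7),
    ("10.0.0.13", 6, 40_000, 530_000, 3.0), ("10.0.0.14", 21, 150_000, 2_300_000, 1.2),
    ("10.0.0.15", 11, 83_000, 990_000, 2.4), ("10.0.0.16", 4, 25_000, 310_000, 2.8),
    ("10.0.0.17", 17, 120_000, 1_800_000, 1.5), ("10.0.0.18", 8, 60_000, 720_000, 2.2),
]
# Constructed HTTPS request flood: thousands of tiny, short-lived connections.
FLOOD = [
    ("198.51.100.7", 3_900, 1_560_000, 1_170_000, 0.04),
    ("198.51.100.8", 4_200, 1_680_000, 1_260_000, 0.03),
    ("198.51.100.9", 3_600, 1_440_000, 1_080_000, 0.05),
    ("198.51.100.10", 4_500, 1_800_000, 1_350_000, 0.04),
]


def features(rec):
    """Per-source features; log1p keeps a 400x rate jump from dominating."""
    _, conns, cbytes, sbytes, dur = rec
    return [math.log1p(conns / WINDOW_SECONDS),  # connection rate
            math.log1p(cbytes / conns),          # client bytes per connection
            math.log1p(sbytes / conns),          # server bytes per connection
            math.log1p(dur)]                     # mean connection duration


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class Scaler:
    """Z-score with the clean window's statistics, so a later flood is
    measured against normal traffic rather than against itself."""
    def __init__(self, rows):
        cols = list(zip(*rows))
        self.mean = [sum(c) / len(c) for c in cols]
        self.std = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
                    for c, m in zip(cols, self.mean)]

    def transform(self, rows):
        return [[(v - m) / s for v, m, s in zip(r, self.mean, self.std)] for r in rows]


def kmeans_pp(points, k, rng, max_iter=100):
    """K-means++ seeding (D^2 sampling) followed by Lloyd iterations."""
    centroids = [list(rng.choice(points))]
    while len(centroids) < k:
        d2 = [min(_dist(p, c) for c in centroids) ** 2 for p in points]
        r, acc = rng.random() * sum(d2), 0.0
        for p, w in zip(points, d2):
            acc += w
            if acc >= r:
                centroids.append(list(p))
                break
    labels = None
    for _ in range(max_iter):
        new = [min(range(k), key=lambda j: _dist(p, centroids[j])) for p in points]
        if new == labels:
            break
        labels = new
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:  # an emptied cluster keeps its previous centroid
                centroids[j] = [sum(col) / len(members) for col in zip(*members)]
    return centroids


class FlowClusterDetector:
    """Centroids of normal traffic plus a radius calibrated on that traffic."""
    def __init__(self, baseline, k=2, margin=1.5, min_radius=1.0, seed=7):
        rows = [features(r) for r in baseline]
        self.scaler = Scaler(rows)
        x = self.scaler.transform(rows)
        self.centroids = kmeans_pp(x, k, random.Random(seed))
        # Nothing resembling the clean window is flagged; margin is a tunable.
        self.radius = max(margin * max(self.nearest(p) for p in x), min_radius)

    def nearest(self, point):
        return min(_dist(point, c) for c in self.centroids)

    def score(self, rec):
        """Distance from the nearest normal centroid, in baseline std units."""
        return self.nearest(self.scaler.transform([features(rec)])[0])

    def flag(self, window):
        return sorted(r[0] for r in window if self.score(r) > self.radius)


if __name__ == "__main__":
    det = FlowClusterDetector(BASELINE)
    for rec in BASELINE + FLOOD:
        verdict = "FLAGGED" if det.score(rec) > det.radius else "normal"
        print(f"{rec[0]:>15}  score={det.score(rec):7.1f}  {verdict}")
```

The flood sources land tens of baseline standard deviations from the nearest centroid on every feature, which is the "trivial attack" case the abstract reports as near 100% detectable. The interesting failure mode is the opposite one: a low-rate application-layer attack that keeps its per-connection byte counts and durations inside the normal cloud scores below the radius, and the calibration step also shows why the abstract stresses dataset quality, since a baseline window that already contains attack traffic would silently widen the radius.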

Bibliographic Details
Main Author: Hyvärinen, Mikko
Other Authors: Faculty of Information Technology, Department of Mathematical Information Technology, University of Jyväskylä
Format: Master's thesis
Language: English
Published: 2016
Subjects: denial-of-service attack (palvelunestohyökkäys); cyber security, network attacks, information security, encryption, simulation (YSO terms kyberturvallisuus, verkkohyökkäykset, tietoturva, salaus, simulointi)
Online Access: https://jyx.jyu.fi/handle/123456789/52275
Record details
Advisors: Hämäläinen, Timo; Zolotukhin, Mikhail
Discipline: Mathematical Information Technology (Tietotekniikka), subject code 602
Extent: 1 online resource (131 pages)
Identifiers: URN:NBN:fi:jyu-201612125051; oai:jykdok.linneanet.fi:1644663; JyX record jyx.123456789_52275
Rights: In Copyright (https://rightsstatements.org/page/InC/1.0/); open access
Full text (PDF, 983847 bytes, MD5 178c64e810d78b09364413ec73aefebf): https://jyx.jyu.fi/bitstreams/a6d0c30d-8a2e-4568-937e-cc500dd0e489/download
Permanent links: https://jyx.jyu.fi/handle/123456789/52275 ; http://www.urn.fi/URN:NBN:fi:jyu-201612125051
Deposited in JyX: 2016-12-12