Title: Experimenting with an Intrusion Detection System for Encrypted Networks

Authors: Vik Tor Goh, Jacob Zimmermann, Mark Looi

Addresses: Faculty of Science and Technology, Information Security Institute, Queensland University of Technology, GPO Box 2434, Brisbane QLD 4001, Australia. ' Information Security Institute, Queensland University of Technology, MS-714, Level 7, 126 Margaret St, Brisbane QLD 4001, Australia. ' Faculty of Science and Technology, Information Security Institute, Queensland University of Technology, GPO Box 2434, Brisbane QLD 4001, Australia

Abstract: Network-based Intrusion Detection Systems (NIDSs) analyse network traffic to detect instances of malicious activity. Typically, this is only possible when the network traffic is accessible for analysis. With the growing use of Virtual Private Networks (VPNs) that encrypt network traffic, the NIDS can no longer access this crucial audit data. In this paper, we present an implementation and evaluation of our approach proposed in Goh et al. (2009). It is based on Shamir|s secret-sharing scheme and allows a NIDS to function normally in a VPN without any modifications and without compromising the confidentiality afforded by the VPN.

Keywords: NIDS; network-based intrusion detection systems; encrypted networks; VPN; virtual private networks; IPsec; IP security; Shamir|s secret sharing; SNORT; malicious activity.

DOI: 10.1504/IJBIDM.2010.031286

International Journal of Business Intelligence and Data Mining, 2010 Vol.5 No.2, pp.172 - 191

Published online: 27 Jan 2010 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article