Slice Distance: An Insert-Only Levenshtein Distance with a Focus on Security Applications
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PRISEC) ORCID iD: 0000-0001-9886-6651
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (DISCO) ORCID iD: 0000-0003-3461-7079
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PRISEC) ORCID iD: 0000-0003-0778-4736
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (DISCO) ORCID iD: 0000-0001-7311-9334
2018 (English) In: Proceedings of NTMS 2018 Conference and Workshop, New York: IEEE, 2018, p. 1-5. Conference paper, Published paper (Refereed)
Abstract [en]

Levenshtein distance is well known for its use in comparing two strings for similarity. However, the set of considered edit operations used when comparing can be reduced in a number of situations. In such cases, the application of the generic Levenshtein distance can result in degraded detection and computational performance. Other metrics in the literature enable limiting the considered edit operations to a smaller subset. However, the possibility where a difference can only result from deleted bytes is not yet explored. To this end, we propose an insert-only variation of the Levenshtein distance to enable comparison of two strings for the case in which differences occur only because of missing bytes. The proposed distance metric is named slice distance and is formally presented and its computational complexity is discussed. We also provide a discussion of the potential security applications of the slice distance.

Place, publisher, year, edition, pages
New York: IEEE, 2018. p. 1-5
Keywords [en]
Measurement, Pattern matching, Time complexity, Transforms, Security, DNA
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-67012
DOI: 10.1109/NTMS.2018.8328718
ISI: 000448864200049
ISBN: 978-1-5386-3662-6 (electronic)
ISBN: 978-1-5386-3663-3 (print)
OAI: oai:DiVA.org:kau-67012
DiVA, id: diva2:1198286
Conference
9th IFIP International Conference on New Technologies, Mobility and Security, 26-28 February 2018, Paris, France
Projects
HITS, 4707
Funder
Knowledge Foundation, 4707
Available from: 2018-04-17 Created: 2018-04-17 Last updated: 2020-01-14 Bibliographically approved
In thesis
1. Life of a Security Middlebox: Challenges with Emerging Protocols and Technologies
2020 (English) Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The Internet of today has intermediary devices known as middleboxes that perform more functions than the normal packet forwarding function of a router. Security middleboxes are a subset of these middleboxes and face an increasingly difficult task to perform their functions correctly. These middleboxes make many assumptions about the traffic that may not hold true any longer with the advent of new protocols such as MPTCP and technologies like end-to-end encryption.

The work in this thesis focuses on security middleboxes and the challenges they face. We develop methods and solutions to help these security middleboxes continue to function correctly. In particular, we investigate the case of using MPTCP over traditional security infrastructure as well as the case of end-to-end encryption. We study how practical it is to evade a security middlebox by fragmenting and sending traffic across multiple paths using MPTCP. We then go on to propose possible solutions to detect such attacks and implement them. The potential MPTCP scenario where security middleboxes only have access to part of the traffic is also investigated and addressed. Moreover, the thesis contributes a machine learning based approach to help security middleboxes detect malware in encrypted traffic without decryption.

Abstract [en]

The Internet of today has intermediary devices known as middleboxes that perform more functions than the normal packet forwarding function of a router. Security middleboxes are a subset of these middleboxes and face an increasingly difficult task to perform their functions correctly in the wake of emerging protocols and technologies on the Internet. Security middleboxes make many assumptions about the traffic, e.g., they assume that traffic from a single connection always arrives over the same path and they often expect to observe plaintext data. These along with many other assumptions may not hold true any longer with the advent of new protocols such as MPTCP and technologies like end-to-end encryption.

The work in this thesis focuses on security middleboxes and the challenges they face in performing their functions in an evolving Internet where new networking protocols and technologies are regularly introduced. We develop methods and solutions to help these security middleboxes continue to function correctly. In particular, we investigate the case of using MPTCP over traditional security infrastructure as well as the case of end-to-end encryption.

We study how practical it is to evade a security middlebox by fragmenting and sending traffic across multiple paths using MPTCP. Attack traffic that is generated from a self-developed tool is used to evaluate such attacks to show that these attacks are feasible. We then go on to propose possible solutions to detect such attacks and implement them. The potential MPTCP scenario where security middleboxes only have access to part of the traffic is also investigated. Furthermore, we propose and implement an algorithm to perform intrusion detection in such situations. Moreover, the thesis contributes a machine learning based approach to help security middleboxes detect malware in encrypted traffic without decryption.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2020. p. 26
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:10
Keywords
network security, TCP, MPTCP, IDS, Snort, edit-distance, encryption
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-76291 (URN)
978-91-7867-093-2 (ISBN)
978-91-7867-103-8 (ISBN)
Public defence
2020-02-28, 21A342, Eva Erikssonsalen, Karlstad, 10:15 (English)
Note

Article 5 part of thesis as manuscript, now published.

Available from: 2020-02-05 Created: 2020-01-14 Last updated: 2021-06-07 Bibliographically approved

Open Access in DiVA

fulltext (389 kB), 437 downloads
File information
File name: FULLTEXT03.pdf
File size: 389 kB
Checksum SHA-512:
f85c680928d2ecd87fc1c79aa6cc00376814bf01a2e20169c75f9960e62d35a2ecc7a9931453ba006c13022f7145acc1603dd45b0d9b52f4d18c04ea78152696
Type: fulltext
Mimetype: application/pdf

Other links

Publisher's full text: https://ieeexplore.ieee.org/document/8328718/

Authority records

Afzal, Zeeshan; Garcia, Johan; Lindskog, Stefan; Brunström, Anna
