
A Novel Approach to Intrusion Detection in Encrypted Environments

P. Princy, Scaria Alex, T. Ambikadevi Amma

Abstract


In recent years the Internet has evolved into a critical communication infrastructure that is present in almost every area of daily life. This dependence of modern societies on the Internet has also led more criminals to use it for their own purposes, causing a steady increase in attacks, both in quantity and in quality. Attacks against web applications are a serious problem. Intrusion Detection Systems (IDSes) are one countermeasure; however, they do not work effectively when accesses are encrypted at the protocol level: because current IDSes inspect packet contents, they cannot recognise attacks carried inside encrypted connections. This work applies encrypted traffic analysis to intrusion detection, examining encrypted traffic using only data sizes and timing, without decryption. First, the system extracts information from the encrypted traffic, namely the set of data sizes and timings for each web client. Second, accesses are distinguished based on the similarity of this information, and access frequencies are calculated. Finally, malicious activities are detected according to rules generated from those frequencies. The system neither extracts private information nor requires the extensive pre-operation needed by conventional encrypted traffic analysis. Although research on attack detection has been performed for several decades, today's systems cannot cope with modern attack vectors; one reason is the increasing use of encrypted communication, which strongly limits the detection of malicious activity. To overcome this shortcoming, we present a new behaviour-based detection architecture that uses similarity measurements to detect intrusions as well as insider activities such as data exfiltration in encrypted environments.
Evaluation of similarity-based intrusion and extrusion detection shows that the system detects attacks such as SQL injection, DoS and brute-force attacks with a high degree of accuracy.
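As an added illustration, not the authors' system (whose details are in the full text), the three steps the abstract describes are carried out below in Python: extraction of per-client size and timing data from encrypted exchanges, grouping of accesses by similarity, and frequency-based rules that report both a brute-force pattern and an exfiltration-like upload. The record format, the sample traffic, the 10 % size tolerance, the 60 s window and the factor of 3 are assumptions made for the example.

```python
"""Added example: behaviour-based detection on encrypted (TLS) traffic using
only sizes and timing. Not the authors' implementation; record layout,
thresholds and sample traffic are assumptions made for illustration."""
from collections import defaultdict

TOL = 0.10      # relative size tolerance when grouping accesses (assumption)
WINDOW = 60.0   # seconds over which access frequency is counted (assumption)
FACTOR = 3      # rule: report a client exceeding FACTOR x highest benign frequency

# Constructed sample: one tuple per request/response exchange seen on the wire:
# (client, time_s, bytes_client_to_server, bytes_server_to_client).
# Payloads are encrypted; only lengths and timestamps are used.
BENIGN = [
    ("10.0.0.5", 0.0, 512, 4096), ("10.0.0.5", 3.1, 530, 4100), ("10.0.0.5", 9.8, 498, 18000),
    ("10.0.0.6", 1.0, 505, 4090), ("10.0.0.6", 7.5, 520, 4120), ("10.0.0.6", 15.2, 700, 900),
    ("10.0.0.7", 2.0, 515, 4080), ("10.0.0.7", 12.0, 700, 880),
]
# The same traffic plus a client hammering the (700, ~900) login-shaped access
# five times a second, and an insider pushing a 2 MB upload out (constructed).
SUSPECT = (BENIGN
           + [("10.0.0.9", i * 0.2, 700 + (i % 5), 880) for i in range(40)]
           + [("10.0.0.8", 20.0, 2_000_000, 300)])


def similar(a, b, tol=TOL):
    """Two exchanges are the same 'access' if request and response sizes agree within tol."""
    return all(abs(x - y) <= tol * max(x, y) for x, y in zip(a, b))


def group_accesses(records, clusters=None):
    """Step 2: assign every exchange to a cluster of similar (req, resp) sizes.
    Known clusters keep their ids; new shapes are appended. Returns (clusters, labels)."""
    clusters = list(clusters) if clusters else []
    labels = []
    for _, _, req, resp in records:
        for cid, rep in enumerate(clusters):
            if similar((req, resp), rep):
                labels.append(cid)
                break
        else:
            clusters.append((req, resp))
            labels.append(len(clusters) - 1)
    return clusters, labels


def peak_frequency(times, window=WINDOW):
    """Largest number of accesses falling inside any interval of length window."""
    times = sorted(times)
    best = j = 0
    for i, t in enumerate(times):
        while times[j] < t - window:
            j += 1
        best = max(best, i - j + 1)
    return best


def access_frequencies(records, clusters=None):
    """Steps 1+2: per (client, cluster), the peak access frequency within WINDOW."""
    clusters, labels = group_accesses(records, clusters)
    per = defaultdict(list)
    for (client, t, _, _), cid in zip(records, labels):
        per[(client, cid)].append(t)
    return clusters, {k: peak_frequency(v) for k, v in per.items()}


def learn_rules(benign):
    """Step 3a: from benign traffic derive, per access cluster, the highest
    per-client frequency observed. Clusters never seen benignly get no entry."""
    clusters, freq = access_frequencies(benign)
    limit = defaultdict(int)
    for (_, cid), f in freq.items():
        limit[cid] = max(limit[cid], f)
    return clusters, dict(limit)


def detect(records, clusters, limit):
    """Step 3b: report a client whose frequency for some access exceeds FACTOR x the
    benign limit (brute force / DoS shape), or who produces an access shape no benign
    client ever produced (e.g. a very large upload, an extrusion indicator)."""
    all_clusters, freq = access_frequencies(records, clusters)
    alerts = []
    for (client, cid), f in sorted(freq.items()):
        if cid >= len(clusters):
            alerts.append((client, "unknown-access", all_clusters[cid], f))
        elif f > FACTOR * limit.get(cid, 0):
            alerts.append((client, "frequency", all_clusters[cid], f))
    return alerts


if __name__ == "__main__":
    known, limits = learn_rules(BENIGN)
    for alert in detect(SUSPECT, known, limits):
        print(alert)
```

Because only lengths and timing are observed, a single injected query that happens to be the same size as a benign one is indistinguishable from it; what the rules catch is the deviation in access-frequency profile that repeated probing, flooding or bulk transfer produces, which is why thresholds are learned per access cluster rather than per packet.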


Keywords


IDS, Encrypted Environment, SQL Injection, DoS, Brute-force Attacks

Full Text:

PDF




This work is licensed under a Creative Commons Attribution 3.0 License.