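@comment{Thesis record exported from an institutional repository. The author
field, which BibTeX requires for a PhD thesis entry, is not present in the
export and has to be filled in from the repository record at the url below
before this entry is cited. Accented characters are written as LaTeX escapes
so the entry also works with classic 8-bit BibTeX.}

@phdthesis{2019:1472221455,
  title     = {Detecting encrypted attacks in software-defined networking},
  school    = {Programa de P{\'o}s-Gradua{\c{c}}{\~a}o em Ci{\^e}ncia da Computa{\c{c}}{\~a}o},
  publisher = {Pontif{\'\i}cia Universidade Cat{\'o}lica do Rio Grande do Sul},
  year      = {2019},
  url       = {http://tede2.pucrs.br/tede2/handle/tede/8809},
  note      = {Escola Polit{\'e}cnica},
  abstract  = {Security is one of the major concerns for the computer network community due to resource abuse and malicious flows intrusion. Nowadays, cryptography is being widely used as a standard for securing data exchange on the Internet. However, attackers are improving methods by using encryption over malicious packets or flows so that it may be more difficult to being detected. Furthermore, those attacks are more effective on their malicious purposes when cryptography is used. Usually, before a network or a system is attacked, to perform a denial of service, for example, a port scan is performed to discover vulnerabilities, such as open ports. Several studies have addressed Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) methods for detecting and preventing attacks, based on flows or packet data analysis. However, typically those methods lead to an increase in switching latency, due to the need to analyze flows or packets before routing them. This may also increase network overhead when flows or packets are duplicated to be parsed by an external IDS. On the one hand, an IDS/IPS may be a bottleneck on the network and may not be useful, specially if traffic is encrypted. On the other hand, the new paradigm called Software-Defined Networking (SDN) provides statistical information about the network that may be used for detecting malicious activities. Hence, this work presents an approach for detecting encrypted malicious activity in SDN, such as port scan, denial of service and generic attacks, based on switch counters data. Thus, the developed methods are nonintrusive and lightweight, with low network overhead and low memory and processing power consumption.
The results show that our methods are effective on detecting such attacks by discovering anomalies on the network activities, even when flows or packets are encrypted.},
}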