Fighting TLS Attacks: An Autoencoder-Based Model for Heartbleed Attack Detection

The increase in connectivity capabilities, resources, and data availability, has undoubtedly brought many advantages in gaining access to services quickly, but it also made possible numerous and sophisticated cybersecurity attacks affecting nowadays companies, national infrastructures, organizations, and, ultimately, users across the globe. Some cyberattacks, namely the zero-day attacks are difficult to counter, because by the time such attacks are discovered and countermeasures are implemented and deployed, other unknown attack variants might occur. Thus, in recent years, anomaly-based Intrusion Detection Systems (IDS) using machine learning (ML) and deep learning (DL) techniques have been proposed to mitigate such attacks, namely the "unknown" attacks. An anomaly-based IDS performs traffic analysis by exploiting supervised or unsupervised ML and DL algorithms and raises alerts if a suspicious pattern is encountered. In this paper, we use an anomaly-based security attack detection model exploiting the unsupervised ML autoencoder model to detect variants of the Heartbleed attack affecting the famous Transport Layer Security (TLS) protocol. By using the CIC-IDS2017 dataset and a custom Heartbleed dataset, we evaluate our model for detecting the Heartbleed attack. The results are encouraging, since the proposed autoencoder-based model recognizes Heartbleed TLS anomalies and distinguishes them from the benign traffic in 85% of the tested cases.