Fingerprinting encrypted network traffic types using machine learning

Internet applications rely on strong encryption techniques to protect the content of all communications between client and server. These encryption algorithms ensure that third parties are unable to obtain the plain text data but also make it hard for the network administrator to enforce restriction...

Full description

Saved in:
Bibliographic Details
Published inNOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium pp. 1 - 5
Main Authors Leroux, Sam, Bohez, Steven, Maenhaut, Pieter-Jan, Meheus, Nathan, Simoens, Pieter, Dhoedt, Bart
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.04.2018
Subjects
Data models
Encryption
Feature extraction
Machine learning
Relays
Timing
Online AccessGet full text
ISSN2374-9709
DOI10.1109/NOMS.2018.8406218

Cover

More Information
Summary:Internet applications rely on strong encryption techniques to protect the content of all communications between client and server. These encryption algorithms ensure that third parties are unable to obtain the plain text data but also make it hard for the network administrator to enforce restrictions on the types of traffic that are allowed. In this paper we show that we can train accurate machine learning models which can predict the type of traffic going through an IPsec or TOR tunnel based on features extracted from the encrypted streams. We use small, fast to execute machine learning models that work on small windows of data. This makes it possible to use our approach in real-time, for example as part of a Quality of Service (QoS) system.
ISSN:2374-9709
DOI:10.1109/NOMS.2018.8406218