Щоб переглянути інші типи публікацій з цієї теми, перейдіть за посиланням: Analysis of encrypted network flow.
Статті в журналах з теми "Analysis of encrypted network flow"
Оформте джерело за APA, MLA, Chicago, Harvard та іншими стилями
Ознайомтеся з топ-50 статей у журналах для дослідження на тему "Analysis of encrypted network flow".
Біля кожної праці в переліку літератури доступна кнопка «Додати до бібліографії». Скористайтеся нею – і ми автоматично оформимо бібліографічне посилання на обрану працю в потрібному вам стилі цитування: APA, MLA, «Гарвард», «Чикаго», «Ванкувер» тощо.
Також ви можете завантажити повний текст наукової публікації у форматі «.pdf» та прочитати онлайн анотацію до роботи, якщо відповідні параметри наявні в метаданих.
Переглядайте статті в журналах для різних дисциплін та оформлюйте правильно вашу бібліографію.
1
Yan, Xiaodan. "Deep Learning-Based Efficient Analysis for Encrypted Traffic." Applied Sciences 13, no. 21 (October 27, 2023): 11776. http://dx.doi.org/10.3390/app132111776.
Повний текст джерелаАнотація:
To safeguard user privacy, critical Internet traffic is often transmitted using encryption. While encryption is crucial for protecting sensitive information, it poses challenges for traffic identification and poses hidden dangers to network security. As a result, the precise classification of encrypted network traffic has become a crucial problem in network security. In light of this, our paper proposes an encrypted traffic identification method based on the C-LSTM model for encrypted traffic recognition by leveraging the power of deep learning. This method can effectively extract spatial and temporal features from encrypted traffic, enabling accurate identification of traffic types. Through rigorous testing and evaluation, our system has achieved an impressive accuracy rate of 96.4% on the widely used ISCXVPN2016 dataset. This achievement demonstrates the effectiveness and reliability of our method in accurately classifying encrypted network traffic. By addressing the challenges posed by encrypted traffic identification, our research contributes to enhancing network security and privacy protection.
2
Jiang, Ziyu. "Bidirectional Flow-Based Image Representation Method for Detecting Network Traffic Service Categories." Highlights in Science, Engineering and Technology 85 (March 13, 2024): 89–95. http://dx.doi.org/10.54097/mwyge502.
Повний текст джерелаАнотація:
Network traffic identification is crucial for network resource management and improving service quality. Traditional methods, such as port-based and deep packet inspection approaches, face challenges due to the increasing complexity of network environments, privacy concerns, and the emergence of encrypted traffic. This paper aims to address the issues of low accuracy and slow operation speed in encrypted traffic classification while ensuring the protection of user privacy. We propose a data processing method that transforms network traffic into images representing bidirectional flow packet arrival timestamps and packet sizes. By employing this data processing approach and utilizing deep recognition algorithms, the study conducts service analysis on network traffic. Experimental results demonstrate that the bidirectional flow-based image representation method achieves a 90.9% accuracy rate for the traffic analysis task on a TOR-encrypted imbalanced dataset, surpassing the accuracy of the unidirectional flow image method. Furthermore, the method also shows improvements in operation speed, enabling online network traffic detection.
3
Ma, Chencheng, Xuehui Du, and Lifeng Cao. "Improved KNN Algorithm for Fine-Grained Classification of Encrypted Network Flow." Electronics 9, no. 2 (February 13, 2020): 324. http://dx.doi.org/10.3390/electronics9020324.
Повний текст джерелаАнотація:
The fine-grained classification of encrypted traffic is important for network security analysis. Malicious attacks are usually encrypted and simulated as normal application or content traffic. Supervised machine learning methods are widely used for traffic classification and show good performances. However, they need a large amount of labeled data to train a model, while labeled data is hard to obtain. Aiming at solving this problem, this paper proposes a method to train a model based on the K-nearest neighbor (KNN) algorithm, which only needs a small amount of data. Due to the fact that the importance of different traffic features varies, and traditional KNN does not highlight the importance of different features, this study introduces the concept of feature weight and proposes the weighted feature KNN (WKNN) algorithm. Furthermore, to obtain the optimal feature set and the corresponding feature weight set, a feature selection and feature weight self-adaptive algorithm for WKNN is proposed. In addition, a three-layer classification framework for encrypted network flows is established. Based on the improved KNN and the framework, this study finally presents a method for fine-grained classification of encrypted network flows, which can identify the encryption status, application type and content type of encrypted network flows with high accuracies of 99.3%, 92.4%, and 97.0%, respectively.
4
Meghdouri, Fares, Tanja Zseby, and Félix Iglesias. "Analysis of Lightweight Feature Vectors for Attack Detection in Network Traffic." Applied Sciences 8, no. 11 (November 9, 2018): 2196. http://dx.doi.org/10.3390/app8112196.
Повний текст джерелаАнотація:
The consolidation of encryption and big data in network communications have made deep packet inspection no longer feasible in large networks. Early attack detection requires feature vectors which are easy to extract, process, and analyze, allowing their generation also from encrypted traffic. So far, experts have selected features based on their intuition, previous research, or acritically assuming standards, but there is no general agreement about the features to use for attack detection in a broad scope. We compared five lightweight feature sets that have been proposed in the scientific literature for the last few years, and evaluated them with supervised machine learning. For our experiments, we use the UNSW-NB15 dataset, recently published as a new benchmark for network security. Results showed three remarkable findings: (1) Analysis based on source behavior instead of classic flow profiles is more effective for attack detection; (2) meta-studies on past research can be used to establish satisfactory benchmarks; and (3) features based on packet length are clearly determinant for capturing malicious activity. Our research showed that vectors currently used for attack detection are oversized, their accuracy and speed can be improved, and are to be adapted for dealing with encrypted traffic.
5
Afzal, Asmara, Mehdi Hussain, Shahzad Saleem, M. Khuram Shahzad, Anthony T. S. Ho, and Ki-Hyun Jung. "Encrypted Network Traffic Analysis of Secure Instant Messaging Application: A Case Study of Signal Messenger App." Applied Sciences 11, no. 17 (August 24, 2021): 7789. http://dx.doi.org/10.3390/app11177789.
Повний текст джерелаАнотація:
Instant messaging applications (apps) have played a vital role in online interaction, especially under COVID-19 lockdown protocols. Apps with security provisions are able to provide confidentiality through end-to-end encryption. Ill-intentioned individuals and groups use these security services to their advantage by using the apps for criminal, illicit, or fraudulent activities. During an investigation, the provision of end-to-end encryption in apps increases the complexity for digital forensics investigators. This study aims to provide a network forensic strategy to identify the potential artifacts from the encrypted network traffic of the prominent social messenger app Signal (on Android version 9). The analysis of the installed app was conducted over fully encrypted network traffic. By adopting the proposed strategy, the forensic investigator can easily detect encrypted traffic activities such as chatting, media messages, audio, and video calls by looking at the payload patterns. Furthermore, a detailed analysis of the trace files can help to create a list of chat servers and IP addresses of involved parties in the events. As a result, the proposed strategy significantly facilitates extraction of the app’s behavior from encrypted network traffic which can then be used as supportive evidence for forensic investigation.
6
Oh, Chaeyeon, Joonseo Ha, and Heejun Roh. "A Survey on TLS-Encrypted Malware Network Traffic Analysis Applicable to Security Operations Centers." Applied Sciences 12, no. 1 (December 24, 2021): 155. http://dx.doi.org/10.3390/app12010155.
Повний текст джерелаАнотація:
Recently, a majority of security operations centers (SOCs) have been facing a critical issue of increased adoption of transport layer security (TLS) encryption on the Internet, in network traffic analysis (NTA). To this end, in this survey article, we present existing research on NTA and related areas, primarily focusing on TLS-encrypted traffic to detect and classify malicious traffic with deployment scenarios for SOCs. Security experts in SOCs and researchers in academia can obtain useful information from our survey, as the main focus of our survey is NTA methods applicable to malware detection and family classification. Especially, we have discussed pros and cons of three main deployment models for encrypted NTA: TLS interception, inspection using cryptographic functions, and passive inspection without decryption. In addition, we have discussed the state-of-the-art methods in TLS-encrypted NTA for each component of a machine learning pipeline, typically used in the state-of-the-art methods.
7
Haywood, Gregor Tamati, and Saleem Noel Bhatti. "Defence against Side-Channel Attacks for Encrypted Network Communication Using Multiple Paths." Cryptography 8, no. 2 (May 28, 2024): 22. http://dx.doi.org/10.3390/cryptography8020022.
Повний текст джерелаАнотація:
As more network communication is encrypted to provide data privacy for users, attackers are focusing their attention on traffic analysis methods for side-channel attacks on user privacy. These attacks exploit patterns in particular features of communication flows such as interpacket timings and packet sizes. Unsupervised machine learning approaches, such as Hidden Markov Models (HMMs), can be trained on unlabelled data to estimate these flow attributes from an exposed packet flow, even one that is encrypted, so it is highly feasible for an eavesdropper to perform this attack. Traditional defences try to protect specific side channels by modifying the packet transmission for the flow, e.g., by adding redundant information (padding of packets or use of junk packets) and perturbing packet timings (e.g., artificially delaying packet transmission at the sender). Such defences incur significant overhead and impact application-level performance metrics, such as latency, throughput, end-to-end delay, and jitter. Furthermore, these mechanisms can be complex, often ineffective, and are not general solutions—a new profile must be created for every application, which is an infeasible expectation to place on software developers. We show that an approach exploiting multipath communication can be effective against HMM-based traffic analysis. After presenting the core analytical background, we demonstrate the efficacy of this approach with a number of diverse, simulated traffic flows. Based on the results, we define some simple design rules for software developers to adopt in order to exploit the mechanism we describe, including a critical examination of existing communication protocol behavior.
8
Hu, Xinyi, Chunxiang Gu, Yihang Chen, and Fushan Wei. "CBD: A Deep-Learning-Based Scheme for Encrypted Traffic Classification with a General Pre-Training Method." Sensors 21, no. 24 (December 9, 2021): 8231. http://dx.doi.org/10.3390/s21248231.
Повний текст джерелаАнотація:
With the rapid increase in encrypted traffic in the network environment and the increasing proportion of encrypted traffic, the study of encrypted traffic classification has become increasingly important as a part of traffic analysis. At present, in a closed environment, the classification of encrypted traffic has been fully studied, but these classification models are often only for labeled data and difficult to apply in real environments. To solve these problems, we propose a transferable model called CBD with generalization abilities for encrypted traffic classification in real environments. The overall structure of CBD can be generally described as a of one-dimension CNN and the encoder of Transformer. The model can be pre-trained with unlabeled data to understand the basic characteristics of encrypted traffic data, and be transferred to other datasets to complete the classification of encrypted traffic from the packet level and the flow level. The performance of the proposed model was evaluated on a public dataset. The results showed that the performance of the CBD model was better than the baseline methods, and the pre-training method can improve the classification ability of the model.
9
Vizitiu, Anamaria, Cosmin-Ioan Nita, Radu Miron Toev, Tudor Suditu, Constantin Suciu, and Lucian Mihai Itu. "Framework for Privacy-Preserving Wearable Health Data Analysis: Proof-of-Concept Study for Atrial Fibrillation Detection." Applied Sciences 11, no. 19 (September 28, 2021): 9049. http://dx.doi.org/10.3390/app11199049.
Повний текст джерелаАнотація:
Medical wearable devices monitor health data and, coupled with data analytics, cloud computing, and artificial intelligence (AI), enable early detection of disease. Privacy issues arise when personal health information is sent or processed outside the device. We propose a framework that ensures the privacy and integrity of personal medical data while performing AI-based homomorphically encrypted data analytics in the cloud. The main contributions are: (i) a privacy-preserving cloud-based machine learning framework for wearable devices, (ii) CipherML—a library for fast implementation and deployment of deep learning-based solutions on homomorphically encrypted data, and (iii) a proof-of-concept study for atrial fibrillation (AF) detection from electrocardiograms recorded on a wearable device. In the context of AF detection, two approaches are considered: a multi-layer perceptron (MLP) which receives as input the ECG features computed and encrypted on the wearable device, and an end-to-end deep convolutional neural network (1D-CNN), which receives as input the encrypted raw ECG data. The CNN model achieves a lower mean F1-score than the hand-crafted feature-based model. This illustrates the benefit of hand-crafted features over deep convolutional neural networks, especially in a setting with a small training data. Compared to state-of-the-art results, the two privacy-preserving approaches lead, with reasonable computational overhead, to slightly lower, but still similar results: the small performance drop is caused by limitations related to the use of homomorphically encrypted data instead of plaintext data. The findings highlight the potential of the proposed framework to enhance the functionality of wearables through privacy-preserving AI, by providing, within a reasonable amount of time, results equivalent to those achieved without privacy enhancing mechanisms. While the chosen homomorphic encryption scheme prioritizes performance and utility, certain security shortcomings remain open for future development.
10
Choudhary, Swapna, and Sanjay Dorle. "Secured SDN Based Blockchain: An Architecture to Improve the Security of VANET." International journal of electrical and computer engineering systems 13, no. 2 (February 28, 2022): 145–53. http://dx.doi.org/10.32985/ijeces.13.2.7.
Повний текст джерелаАнотація:
Vehicular Ad-hoc networks (VANETs) during the communication process, nodes are always varying and the process is always under security threats like Sybil attacks, masquerading attacks, etc. In order to reduce the probability of these attacks and to regulate traffic flow in the network, a software-defined network (SDN) is used. The SDN is used for implementing protocols like OpenFlow and reducing the routing load in the network, but it doesn’t provide a high level of security to the network, hence protocols like encryption, hashing, etc. are applied to the VANET. In the paper, SDN based blockchain-inspired algorithm is implemented, which coordinates network traffic and improves the overall security of the network. Security analysis of the proposed algorithm shows that the combination of blockchain with encrypted SDN is removing more than 95% of the network attacks as compared to its non-blockchain counterparts.
11
Demertzis, Konstantinos, Panayiotis Kikiras, Nikos Tziritas, Salvador Sanchez, and Lazaros Iliadis. "The Next Generation Cognitive Security Operations Center: Network Flow Forensics Using Cybersecurity Intelligence." Big Data and Cognitive Computing 2, no. 4 (November 22, 2018): 35. http://dx.doi.org/10.3390/bdcc2040035.
Повний текст джерелаАнотація:
A Security Operations Center (SOC) can be defined as an organized and highly skilled team that uses advanced computer forensics tools to prevent, detect and respond to cybersecurity incidents of an organization. The fundamental aspects of an effective SOC is related to the ability to examine and analyze the vast number of data flows and to correlate several other types of events from a cybersecurity perception. The supervision and categorization of network flow is an essential process not only for the scheduling, management, and regulation of the network’s services, but also for attacks identification and for the consequent forensics’ investigations. A serious potential disadvantage of the traditional software solutions used today for computer network monitoring, and specifically for the instances of effective categorization of the encrypted or obfuscated network flow, which enforces the rebuilding of messages packets in sophisticated underlying protocols, is the requirements of computational resources. In addition, an additional significant inability of these software packages is they create high false positive rates because they are deprived of accurate predicting mechanisms. For all the reasons above, in most cases, the traditional software fails completely to recognize unidentified vulnerabilities and zero-day exploitations. This paper proposes a novel intelligence driven Network Flow Forensics Framework (NF3) which uses low utilization of computing power and resources, for the Next Generation Cognitive Computing SOC (NGC2SOC) that rely solely on advanced fully automated intelligence methods. It is an effective and accurate Ensemble Machine Learning forensics tool to Network Traffic Analysis, Demystification of Malware Traffic and Encrypted Traffic Identification.
12
Lienkov, S. V., V. M. Dzhuliy, and I. V. Muliar. "METHOD OF CLASSIFICATION OF PSEUDO-RANDOM SEQUENCES OF COMPRESSED AND ENCRYPTED DATA TO PREVENT INFORMATION LEAKAGE." Collection of scientific works of the Military Institute of Kyiv National Taras Shevchenko University, no. 82 (2024): 77–93. http://dx.doi.org/10.17721/2519-481x/2024/82-09.
Повний текст джерелаАнотація:
The considered task of developing a method for classifying pseudo-random sequences of protection against the leakage of confidential information based on the division of compressed and encrypted data can be used to detect network attacks on data transmission networks, in means of prevention and detection of information leakage, as well as in software products that implement services of electronic mail. It is shown that data security threats are characterized by a set of qualitative and quantitative vector indicators, and their formalization requires the application of fuzzy set theory and discrete mathematics. It is shown that it is impossible to use expert traditional assessment methods to determine most of the considered indicators. To minimize the risk of leakage of confidential information, it is suggested to form groups of employees and calculate the risk of leakage of confidential data for each of them. Modern means of preventing and detecting information leaks use various methods of data flow analysis. The main ones include contextual and content methods. The above methods are not able to detect a data leak in compressed and encrypted form, and the addition of digital signatures allows you to mask encrypted data as compressed in a simple way, in the field of information security, behavioral methods of data flow analysis and machine learning algorithms have found wide use. One of the main difficulties in this situation is the construction of data models, processing and search of the feature space. The proposed method of classifying pseudo-random sequences takes into account the discriminating ability of statistical features, it can be implemented into existing means of preventing and detecting information leaks in order to eliminate the mentioned shortcomings. An encrypted data stream can be transmitted from employee workstations, various information systems, and network storage. To evaluate the effectiveness of the proposed method of protection against leakage of confidential data, experiments were conducted to determine the accuracy of binary classification of compressed and encrypted data depending on the types of input sequences subjected to compression procedures. In the course of practical implementation, a quantitative assessment of the classification accuracy of pseudorandom sequences was carried out depending on the parameters of the proposed classifier. The choice of the subsequence length of nine bits is justified as the most rational value, which allows to achieve classification of pseudo-random sequences with high accuracy and minimal time for the classification procedure. The choice of the optimal scanning window of the classifier with a size of 500 kb is justified. Depending on the requirements for accuracy and speed of data analysis, two modes of operation are proposed: scanning of a randomly selected fragment of a file with a size of 500 kb; scanning the entire file with a 500 KB scanning window. A description of the places of implementation of the proposed method of classifying pseudo-random sequences into e-mail protection subsystems, network attack detection systems, means of preventing and detecting information leaks is given. A comparative evaluation of the proposed algorithm with known analogues in the subject area of research was carried out.
13
He, Gaofeng, Bingfeng Xu, and Haiting Zhu. "AppFA: A Novel Approach to Detect Malicious Android Applications on the Network." Security and Communication Networks 2018 (April 17, 2018): 1–15. http://dx.doi.org/10.1155/2018/2854728.
Повний текст джерелаАнотація:
We propose AppFA, an Application Flow Analysis approach, to detect malicious Android applications (simply apps) on the network. Unlike most of the existing work, AppFA does not need to install programs on mobile devices or modify mobile operating systems to extract detection features. Besides, it is able to handle encrypted network traffic. Specifically, we propose a constrained clustering algorithm to classify apps network traffic, and use Kernel Principal Component Analysis to build their network behavior profiles. After that, peer group analysis is explored to detect malicious apps by comparing apps’ network behavior profiles with the historical data and the profiles of their selected peer groups. These steps can be repeated every several minutes to meet the requirement of online detection. We have implemented AppFA and tested it with a public dataset. The experimental results show that AppFA can cluster apps network traffic efficiently and detect malicious Android apps with high accuracy and low false positive rate. We have also tested the performance of AppFA from the computational time standpoint.
14
Ren, Guoqiang, Guang Cheng, and Nan Fu. "Accurate Encrypted Malicious Traffic Identification via Traffic Interaction Pattern Using Graph Convolutional Network." Applied Sciences 13, no. 3 (January 23, 2023): 1483. http://dx.doi.org/10.3390/app13031483.
Повний текст джерелаАнотація:
Telecommuting and telelearning have gradually become mainstream lifestyles in the post-epidemic era. The extensive interconnection of massive terminals gives attackers more opportunities, which brings more significant challenges to network traffic security analysis. The existing attacks, often using encryption technology and distributed attack methods, increase the number and complexity of attacks. However, the traditional methods need more analysis of encrypted malicious traffic interaction patterns and cannot explore the potential correlations of interaction patterns in a macroscopic and comprehensive manner. Anyway, the changes in interaction patterns caused by attacks also need further study. Therefore, to achieve accurate and effective identification of attacks, it is essential to comprehensively describe the interaction patterns of malicious traffic and portray the relations of interaction patterns with the appearance of attacks. We propose a method for classifying attacks based on the traffic interaction attribute graph, named G-TIAG. At first, the G-TIAG studies interaction patterns of traffic describes the construction rule of the graphs and selects the attributive features of nodes in each graph. Then, it uses a convolutional graph network with a GRU and self-attention to classify benign data and different attacks. Our approach achieved the best classification results, with 89% accuracy and F1-Score, 88% recall, respectively, on publicly available datasets. The improvement is about 7% compared to traditional machine learning classification results and about 6% compared to deep learning classification results, which finally successfully achieved the classification of attacks.
15
Subach, Ihor, Dmytro Sharadkin, and Ihor Yakoviv. "APPLICATION OF METRIC METHODS OF HISTOGRAM COMPARISON FOR DETECTING CHANGES IN ENCRYPTED NETWORK TRAFFIC." Cybersecurity: Education, Science, Technique 1, no. 25 (2024): 434–48. http://dx.doi.org/10.28925/2663-4023.2024.25.434448.
Повний текст джерелаАнотація:
With the increase in the share of encrypted traffic transmitted over the Internet, it has become impossible to directly identify the causes of anomalies in network behavior due to the lack of access to the contents of encrypted packets. This has significantly complicated the task of identifying information security threats. Only external symptoms are available for analysis, which manifest as changes in certain basic traffic parameters, such as volume, intensity, delays between packets, etc. As a result, the role and importance of algorithms for detecting changes in traffic have increased. These algorithms, using modern methods like machine learning, can identify various types of anomalies, including previously unknown ones. They analyze network traffic parameters which are available for direct measurement, presenting their development as time series. One of the least studied classes of such algorithms is the direct comparison of histograms of time series value distributions at different time intervals, particularly a subclass known as metric algorithms. These algorithms are based on the assumption that differences between histograms of time series values at adjacent observation intervals indicate changes in the flow of events that generate network traffic. However, the problem of measuring the difference or similarity between histograms, which are considered as objects in a multidimensional space, does not have a unambiguous solution. The paper analyzes existing histogram similarity metrics and describes a series of studies using statistical modeling. These studies evaluated the dependence of algorithm efficiency on external parameters and compared algorithms within this class to other change detection algorithms. This analysis made it possible to assess the practical application of these algorithms. The results showed that metric algorithms for comparing histograms can demonstrate high performance and, in some cases, outperform other known algorithms for detecting changes in time series. They ensure a reduction in the number of false positives and a decrease in the delay between the moment a change appears in the observed object and the moment it is detected by the algorithm.
16
Chaddad, Louma, Ali Chehab, Imad H. Elhajj, and Ayman Kayssi. "Optimal Packet Camouflage Against Traffic Analysis." ACM Transactions on Privacy and Security 24, no. 3 (August 31, 2021): 1–23. http://dx.doi.org/10.1145/3442697.
Повний текст джерелаАнотація:
Research has proved that supposedly secure encrypted network traffic is actually threatened by privacy and security violations from many aspects. This is mainly due to flow features leaking evidence about user activity and data content. Currently, adversaries can use statistical traffic analysis to create classifiers for network applications and infer users’ sensitive data. In this article, we propose a system that optimally prevents traffic feature leaks. In our first algorithm, we model the packet length probability distribution of the source app to be protected and that of the target app that the source app will resemble. We define a model that mutates the packet lengths of a source app to those lengths from the target app having similar bin probability. This would confuse a classifier by identifying a mutated source app as the target app. In our second obfuscation algorithm, we present an optimized scheme resulting in a trade-off between privacy and complexity overhead. For this reason, we propose a mathematical model for network obfuscation. We formulate analytically the problem of selecting the target app and the length from the target app to mutate to. Then, we propose an algorithm to solve it dynamically. Extensive evaluation of the proposed models, on real app traffic traces, shows significant obfuscation efficiency with relatively acceptable overhead. We were able to reduce a classification accuracy from 91.1% to 0.22% using the first algorithm, with 11.86% padding overhead. The same classification accuracy was reduced to 1.76% with only 0.73% overhead using the second algorithm.
17
Lapshichyov, Vitaly, and Oleg Makarevich. "Identification of the "Tor" Network https-Connection Version tls v1.3." Voprosy kiberbezopasnosti, no. 6(40) (2020): 57–62. http://dx.doi.org/10.21681/2311-3456-2020-06-57-62.
Повний текст джерелаАнотація:
Purpose of the study: compilation of a set of features that allow to detect and identify the establishment of a connection between the client and the anonymous network Tor in conditions of using encryption of the data stream using the TLS v1.3 protocol. Method: software analysis of the data flow, frequency methods, decomposition of the content of data packets according to their number, sequence, finding frames in a packet and sizes, a comparative method in point of different versions of the encryption protocol and resources making the connection were used. Results: a set of features of the Tor network connection established using TLS v1.3 encryption was compiled, allowing to detect and identify in the data stream a “handshake” between the client and the Tor network in order to legally block the connection; a comparative analysis of the data of the Tor network and the VKontakte social network during the establishment of an encrypted connection was carried out; studied and described the structure and differences of the “handshake” of the TLS protocols v1.2 and v1.3; the structure, size and arrangement of frames and data packets of the Tor network and a connection of other network type, both using TLS v1.3 encryption, has been revealed.
18
Selvaraj, Prabha, Vijay Kumar Burugari, S. Gopikrishnan, Abdullah Alourani , Gautam Srivastava, and Mohamed Baza. "An Enhanced and Secure Trust-Aware Improved GSO for Encrypted Data Sharing in the Internet of Things." Applied Sciences 13, no. 2 (January 7, 2023): 831. http://dx.doi.org/10.3390/app13020831.
Повний текст джерелаАнотація:
Wireless sensors and actuator networks (WSNs) are the physical layer implementation used for many smart applications in this decade in the form of the Internet of Things (IoT) and cyber-physical systems (CPS). Even though many research concerns in WSNs have been answered, the evolution of the WSN into an IoT network has exposed it to many new technical issues, including data security, multi-sensory multi-communication capabilities, energy utilization, and the age of information. Cluster-based data collecting in the Internet of Things has the potential to address concerns with data freshness and energy efficiency. However, it may not offer reliable network data security. This research presents an improved method for data sharing and cluster head (CH) selection using the hybrid Vlsekriterijumska Optimizacija I Kompromisno Resenje (VIKOR) method in conjunction with glowworm swarm optimization (GSO) strategies based on the energy, trust value, bandwidth, and memory to address this security-enabled, cluster-based data aggregation in the IoT. Next, we aggregate the data after the cluster has been built using a genetic algorithm (GA). After aggregation, the data are encrypted and delivered securely using the TIGSO-EDS architecture. Cuckoo search is used to analyze the data and choose the best route for sending them. The proposed model’s analysis of the results is analyzed, and its uniqueness has been demonstrated via comparison with existing models. TIGSO-EDS reduces energy consumption each round by 12.71–19.96% and increases the percentage of successfully delivered data packets from 2.50% to 5.66%.
19
Singh, Purushottam, Sandip Dutta, and Prashant Pranav. "Optimizing GANs for Cryptography: The Role and Impact of Activation Functions in Neural Layers Assessing the Cryptographic Strength." Applied Sciences 14, no. 6 (March 12, 2024): 2379. http://dx.doi.org/10.3390/app14062379.
Повний текст джерелаАнотація:
Generative Adversarial Networks (GANs) have surfaced as a transformative approach in the domain of cryptography, introducing a novel paradigm where two neural networks, the generator (akin to Alice) and the discriminator (akin to Bob), are pitted against each other in a cryptographic setting. A third network, representing Eve, attempts to decipher the encrypted information. The efficacy of this encryption–decryption process is deeply intertwined with the choice of activation functions employed within these networks. This study conducted a comparative analysis of four widely used activation functions within a standardized GAN framework. Our recent explorations underscore the superior performance achieved when utilizing the Rectified Linear Unit (ReLU) in the hidden layers combined with the Sigmoid activation function in the output layer. The non-linear nature introduced by the ReLU provides a sophisticated encryption pattern, rendering the deciphering process for Eve intricate. Simultaneously, the Sigmoid function in the output layer guarantees that the encrypted and decrypted messages are confined within a consistent range, facilitating a straightforward comparison with original messages. The amalgamation of these activation functions not only bolsters the encryption strength but also ensures the fidelity of the decrypted messages. These findings not only shed light on the optimal design considerations for GAN-based cryptographic systems but also underscore the potential of investigating hybrid activation functions for enhanced system optimization. In our exploration of cryptographic strength and training efficiency using various activation functions, we discovered that the “ReLU and Sigmoid” combination significantly outperforms the others, demonstrating superior security and a markedly efficient mean training time of 16.51 s per 2000 steps. This highlights the enduring effectiveness of established methodologies in cryptographic applications. This paper elucidates the implications of these choices, advocating for their adoption in GAN-based cryptographic models, given the superior results they yield in ensuring security and accuracy.
20
Wang, Wei, Cheng Sheng Sun, and Jia Ning Ye. "A Method for TLS Malicious Traffic Identification Based on Machine Learning." Advances in Science and Technology 105 (April 2021): 291–301. http://dx.doi.org/10.4028/www.scientific.net/ast.105.291.
Повний текст джерелаАнотація:
With more and more malicious traffic using TLS protocol encryption, efficient identification of TLS malicious traffic has become an increasingly important task in network security management in order to ensure communication security and privacy. Most of the traditional traffic identification methods on TLS malicious encryption only adopt the common characteristics of ordinary traffic, which results in the increase of coupling among features and then the low identification accuracy. In addition, most of the previous work related to malicious traffic identification extracted features directly from the data flow without recording the extraction process, making it difficult for subsequent traceability. Therefore, this paper implements an efficient feature extraction method with structural correlation for TLS malicious encrypted traffic. The traffic feature extraction process is logged in modules, and the index is used to establish relevant information links, so as to analyse the context and facilitate subsequent feature analysis and problem traceability. Finally, Random Forest is used to realize efficient TLS malicious traffic identification with an accuracy of up to 99.38%.
21
Salim, Mikail Mohammed, Inyeung Kim, Umarov Doniyor, Changhoon Lee, and Jong Hyuk Park. "Homomorphic Encryption Based Privacy-Preservation for IoMT." Applied Sciences 11, no. 18 (September 20, 2021): 8757. http://dx.doi.org/10.3390/app11188757.
Повний текст джерелаАнотація:
Healthcare applications store private user data on cloud servers and perform computation operations that support several patient diagnoses. Growing cyber-attacks on hospital systems result in user data being held at ransom. Furthermore, mathematical operations on data stored in the Cloud are exposed to untrusted external entities that sell private data for financial gain. In this paper, we propose a privacy-preserving scheme using homomorphic encryption to secure medical plaintext data from being accessed by attackers. Secret sharing distributes computations to several virtual nodes on the edge and masks all arithmetic operations, preventing untrusted cloud servers from learning the tasks performed on the encrypted patient data. Virtual edge nodes benefit from cloud computing resources to accomplish computing-intensive mathematical functions and reduce latency in device–edge node data transmission. A comparative analysis with existing studies demonstrates that homomorphically encrypted data stored at the edge preserves data privacy and integrity. Furthermore, secret sharing-based multi-node computation using virtual nodes ensures data confidentiality from untrusted cloud networks.
22
Li, Mengyao, Xianwen Fang, and Asimeng Ernest. "A Color Image Encryption Method Based on Dynamic Selection Chaotic System and Singular Value Decomposition." Mathematics 11, no. 15 (July 25, 2023): 3274. http://dx.doi.org/10.3390/math11153274.
Повний текст джерелаАнотація:
As the basis for guiding business process decisions, flowcharts contain sensitive information pertaining to process-related concepts. Therefore, it is necessary to encrypt them to protect the privacy or security of stakeholders. Using the principles of image singular value decomposition, chaotic system randomness, and neural network camouflage, a business flow chart encryption method based on dynamic selection chaotic system and singular value decomposition is proposed. Specifically, a dynamic selected chaotic system is constructed based on the nonlinear combination of one-dimensional chaotic system Logistics and Sine, and its randomness is verified. Next, using the neural network, the process image is merged into a gray matrix. The double-bit unitary matrix scrambling based on singular value decomposition is then proposed. Subsequently, using the dynamic selected chaotic system, a new sub-division diffusion method is proposed, which combines, diffuses, and performs weighted superposition to generate a matrix after diffusion and compression. Finally, the asymmetric encryption method encrypts the color image and reduces its dimensionality into a single grayscale ciphertext, and the decryption process is not the reverse of the encryption process. Simulation results and performance analysis show that the proposed image encryption scheme has good encryption performance.
23
Gao, Shu-Yang, Xiao-Hong Li, and Mao-De Ma. "A Malicious Behavior Awareness and Defense Countermeasure Based on LoRaWAN Protocol." Sensors 19, no. 23 (November 22, 2019): 5122. http://dx.doi.org/10.3390/s19235122.
Повний текст джерелаАнотація:
Low power wide area network (LoRaWAN) protocol has been widely used in various fields. With its rapid development, security issues about the awareness and defense against malicious events in the Internet of Things must be taken seriously. Eavesdroppers can exploit the shortcomings of the specification and the limited consumption performance of devices to carry out security attacks such as replay attacks. In the process of the over-the-air-activation (OTAA) for LoRa nodes, attackers can modify the data because the data is transmitted in plain text. If the user’s root key is leaked, the wireless sensor network will not be able to prevent malicious nodes from joining the network. To solve this security flaw in LoRaWAN, we propose a countermeasure called Secure-Packet-Transmission scheme (SPT) which works based on the LoRaWAN standard v1.1 to prevent replay attacks when an attacker has obtained the root key. The proposed scheme redefines the format of join-request packet, add the new One Time Password (OTP) encrypted method and changes the transmission strategy in OTAA between LoRa nodes and network server. The security evaluation by using the Burrows-Abadi-Needham logic (BAN Logic) and the Scyther shows that the security goal can be achieved. This paper also conducts extensive experiments by simulations and a testbed to perform feasibility and performance analysis. All results demonstrate that SPT is lightweight, efficient and able to defend against malicious behavior.
24
Sattar, Kanza Abdul, Takreem Haider, Umar Hayat, and Miguel D. Bustamante. "An Efficient and Secure Cryptographic Algorithm Using Elliptic Curves and Max-Plus Algebra-Based Wavelet Transform." Applied Sciences 13, no. 14 (July 20, 2023): 8385. http://dx.doi.org/10.3390/app13148385.
Повний текст джерелаАнотація:
With the advent of communication networks, protecting data from security threats has become increasingly important. To address this issue, we present a new text encryption scheme that uses a combination of elliptic curve cryptography and max-plus algebra-based wavelet transform to provide enhanced security and efficiency. The proposed encryption process consists of three main phases. In the first phase, the plaintext is encoded using ASCII characters, followed by the introduction of diffusion in its representation. In the second phase, points are computed on an elliptic curve, and a mapping method is applied to introduce randomness into the data. Finally, in the third phase, the output is decomposed using a max-plus algebra-based wavelet transform to generate the ciphertext. We conduct a comprehensive security analysis of our scheme that includes NIST analysis, entropy analysis, correlation analysis, key space, key sensitivity, plaintext sensitivity, encryption quality, ciphertext-only attack, known-plaintext attack, chosen-plaintext attack, and chosen-ciphertext attack. The findings indicate that the proposed scheme exhibits excellent encryption quality, surpassing a value of 76, which is closer to the ideal value. Moreover, the sensitivity of the plaintext is greater than 91%, indicating its high sensitivity. The correlation between the plaintext and ciphertext is very close to the ideal value of zero. The encrypted texts exhibit a high level of randomness and meet the necessary criteria for a strong key space. These characteristics contribute to its superior security, providing protection against various cryptographic attacks. Additionally, the encryption process for a 5995-character plaintext only takes 0.047 s, while decryption requires 0.038 s. Our results indicate that the proposed scheme offers high levels of security while maintaining reasonable computational efficiency. Thus, it is suitable for secure text communication in various applications. Moreover, when compared with other state-of-the-art text encryption methods, our proposed scheme exhibits better resistance to modern cryptanalysis.
25
Pachilakis, Michalis, Panagiotis Papadopoulos, Nikolaos Laoutaris, Evangelos P. Markatos, and Nicolas Kourtellis. "YourAdvalue." ACM SIGMETRICS Performance Evaluation Review 50, no. 1 (June 20, 2022): 41–42. http://dx.doi.org/10.1145/3547353.3522629.
Повний текст джерелаАнотація:
The Real Time Bidding (RTB) protocol is by now more than a decade old. During this time, a handful of measurement papers have looked at bidding strategies, personal information flow, and cost of display advertising through RTB. In this paper, we present YourAdvalue, a privacy-preserving tool for displaying to end-users in a simple and intuitive manner their advertising value as seen through RTB. Using YourAdvalue, we measure desktopRTB prices in the wild, and compare them with desktop and mobileRTB prices reported by past work. We present how it estimates ad prices that are encrypted, and how it preserves user privacy while reporting results back to a data-server for analysis. We deployed our system, disseminated its browser extension, and collected data from 200 users, including 12000 ad impressions over 11 months. By analyzing this dataset, we show that desktop RTB prices have grown 4.6x over desktop RTB prices measured in 2013, and 3.8x over mobile RTB prices measured in 2015. We also study how user demographics associate with the intensity of RTB ecosystem tracking, leading to higher ad prices. We find that exchanging data between advertisers and/or data brokers through cookie- syncronization increases the median value of displayed ads by 19%. We also find that female and younger users are more targeted, suffering more tracking (via cookie synchronization) than male or elder users. As a result of this targeting in our dataset, the advertising value (i) of women is 2.4x higher than that of men, (ii) of 25-34 year-olds is 2.5x higher than that of 35-44 year-olds, (iii) is most expensive on weekends and early mornings.
26
Wang, Guanyu, and Yijun Gu. "Multi-Task Scenario Encrypted Traffic Classification and Parameter Analysis." Sensors 24, no. 10 (May 12, 2024): 3078. http://dx.doi.org/10.3390/s24103078.
Повний текст джерелаАнотація:
The widespread use of encrypted traffic poses challenges to network management and network security. Traditional machine learning-based methods for encrypted traffic classification no longer meet the demands of management and security. The application of deep learning technology in encrypted traffic classification significantly improves the accuracy of models. This study focuses primarily on encrypted traffic classification in the fields of network analysis and network security. To address the shortcomings of existing deep learning-based encrypted traffic classification methods in terms of computational memory consumption and interpretability, we introduce a Parameter-Efficient Fine-Tuning method for efficiently tuning the parameters of an encrypted traffic classification model. Experimentation is conducted on various classification scenarios, including Tor traffic service classification and malicious traffic classification, using multiple public datasets. Fair comparisons are made with state-of-the-art deep learning model architectures. The results indicate that the proposed method significantly reduces the scale of fine-tuning parameters and computational resource usage while achieving performance comparable to that of the existing best models. Furthermore, we interpret the learning mechanism of encrypted traffic representation in the pre-training model by analyzing the parameters and structure of the model. This comparison validates the hypothesis that the model exhibits hierarchical structure, clear organization, and distinct features.
27
Pachilakis, Michalis, Panagiotis Papadopoulos, Nikolaos Laoutaris, Evangelos P. Markatos, and Nicolas Kourtellis. "YourAdvalue: Measuring Advertising Price Dynamics without Bankrupting User Privacy." Proceedings of the ACM on Measurement and Analysis of Computing Systems 5, no. 3 (December 14, 2021): 1–26. http://dx.doi.org/10.1145/3491044.
Повний текст джерелаАнотація:
The Real Time Bidding (RTB) protocol is by now more than a decade old. During this time, a handful of measurement papers have looked at bidding strategies, personal information flow, and cost of display advertising through RTB. In this paper, we present YourAdvalue, a privacy-preserving tool for displaying to end-users in a simple and intuitive manner their advertising value as seen through RTB. Using YourAdvalue, we measure desktop RTB prices in the wild, and compare them with desktop and mobile RTB prices reported by past work. We present how it estimates ad prices that are encrypted, and how it preserves user privacy while reporting results back to a data-server for analysis. We deployed our system, disseminated its browser extension, and collected data from 200 users, including 12000 ad impressions over 11 months. By analyzing this dataset, we show that desktop RTB prices have grown 4.6x over desktop RTB prices measured in 2013, and 3.8x over mobile RTB prices measured in 2015. We also study how user demographics associate with the intensity of RTB ecosystem tracking, leading to higher ad prices. We find that exchanging data between advertisers and/or data brokers through cookie-synchronization increases the median value of display ads by 19%. We also find that female and younger users are more targeted, suffering more tracking (via cookie synchronization) than male or elder users. As a result of this targeting in our dataset, the advertising value (i) of women is 2.4x higher than that of men, (ii) of 25-34 year-olds is 2.5x higher than that of 35-44 year-olds, (iii) is most expensive on weekends and early mornings.
28
Alwhbi, Ibrahim A., Cliff C. Zou, and Reem N. Alharbi. "Encrypted Network Traffic Analysis and Classification Utilizing Machine Learning." Sensors 24, no. 11 (May 29, 2024): 3509. http://dx.doi.org/10.3390/s24113509.
Повний текст джерелаАнотація:
Encryption is a fundamental security measure to safeguard data during transmission to ensure confidentiality while at the same time posing a great challenge for traditional packet and traffic inspection. In response to the proliferation of diverse network traffic patterns from Internet-of-Things devices, websites, and mobile applications, understanding and classifying encrypted traffic are crucial for network administrators, cybersecurity professionals, and policy enforcement entities. This paper presents a comprehensive survey of recent advancements in machine-learning-driven encrypted traffic analysis and classification. The primary goals of our survey are two-fold: First, we present the overall procedure and provide a detailed explanation of utilizing machine learning in analyzing and classifying encrypted network traffic. Second, we review state-of-the-art techniques and methodologies in traffic analysis. Our aim is to provide insights into current practices and future directions in encrypted traffic analysis and classification, especially machine-learning-based analysis.
29
Li, Minghui, Zhendong Wu, Keming Chen, and Wenhai Wang. "Adversarial Malicious Encrypted Traffic Detection Based on Refined Session Analysis." Symmetry 14, no. 11 (November 6, 2022): 2329. http://dx.doi.org/10.3390/sym14112329.
Повний текст джерелаАнотація:
The detection of malicious encrypted traffic is an important part of modern network security research. The producers of the current malware do not pay attention to the fact that malicious encrypted traffic can also be detected; they do not construct further adversarial malicious encrypted traffic to deceive existing malicious encrypted traffic detection methods. However, with the increasing confrontation between attack and defense, adversarial malicious encrypted traffic samples will appear gradually, which will make the existing malicious encrypted traffic detection methods obsolete. In this paper, an adversarial malicious encrypted traffic detection method based on refined session analysis (ADRSA) is proposed. The key ideas of this method are: 1) interpretability analysis is used to extract malicious traffic features that are not easily affected by encryption, 2) restoration technology is used to further improve traffic separability, and 3) a deep neural network is used to identify adversarial malicious encrypted traffic. In experimental tests, the ADRSA method could accurately detect malicious encrypted traffic, particularly adversarial malicious encrypted traffic, and the detection rate is more than 95%. However, the detection rate of other malicious encrypted traffic detection methods is almost zero when facing adversarial malicious encrypted traffic. The detection performance of ADRSA exceeds that of the most popular detection methods.
30
Jung, In-Su, Yu-Rae Song, Lelisa Adeba Jilcha, Deuk-Hun Kim, Sun-Young Im, Shin-Woo Shim, Young-Hwan Kim, and Jin Kwak. "Enhanced Encrypted Traffic Analysis Leveraging Graph Neural Networks and Optimized Feature Dimensionality Reduction." Symmetry 16, no. 6 (June 12, 2024): 733. http://dx.doi.org/10.3390/sym16060733.
Повний текст джерелаАнотація:
With the continuously growing requirement for encryption in network environments, web browsers are increasingly employing hypertext transfer protocol security. Despite the increase in encrypted malicious network traffic, the encryption itself limits the data accessible for analyzing such behavior. To mitigate this, several studies have examined encrypted network traffic by analyzing metadata and payload bytes. Recent studies have furthered this approach, utilizing graph neural networks to analyze the structural data patterns within malicious encrypted traffic. This study proposed an enhanced encrypted traffic analysis leveraging graph neural networks which can model the symmetric or asymmetric spatial relations between nodes in the traffic network and optimized feature dimensionality reduction. It classified malicious network traffic by leveraging key features, including the IP address, port, CipherSuite, MessageLen, and JA3 features within the transport-layer-security session data, and then analyzed the correlation between normal and malicious network traffic data. The proposed approach outperformed previous models in terms of efficiency, using fewer features while maintaining a high accuracy rate of 99.5%. This demonstrates its research value as it can classify malicious network traffic with a high accuracy based on fewer features.
31
Cao, Jie, Xing-Liang Yuan, Ying Cui, Jia-Cheng Fan, and Chin-Ling Chen. "A VPN-Encrypted Traffic Identification Method Based on Ensemble Learning." Applied Sciences 12, no. 13 (June 24, 2022): 6434. http://dx.doi.org/10.3390/app12136434.
Повний текст джерелаАнотація:
One of the foundational and key means of optimizing network service in the field of network security is traffic identification. Various data transmission encryption technologies have been widely employed in recent years. Wrongdoers usually bypass the defense of network security facilities through VPN to carry out network intrusion and malicious attacks. The existing encrypted traffic identification system faces a severe problem as a result of this phenomenon. Previous encrypted traffic identification methods suffer from feature redundancy, data class imbalance, and low identification rate. To address these three problems, this paper proposes a VPN-encrypted traffic identification method based on ensemble learning. Firstly, aiming at the problem of feature redundancy in VPN-encrypted traffic features, a method of selecting encrypted traffic features based on mRMR is proposed; secondly, aiming at the problem of data class imbalance, improving the Xgboost identification model by using the focal loss function for the data class imbalance problem; Finally, in order to improve the identification rate of VPN-encrypted traffic identification methods, an ensemble learning model parameter optimization method based on optimal Bayesian is proposed. Experiments revealed that our proposed VPN-encrypted traffic identification method produced more desirable VPN-encrypted traffic identification outcomes. Meanwhile, using two encrypted traffic datasets, eight common identification algorithms are compared, and the method appears to be more accurate in identifying encrypted traffic.
32
Jeng, Tzung-Han, Wen-Yang Luo, Chuan-Chiang Huang, Chien-Chih Chen, Kuang-Hung Chang, and Yi-Ming Chen. "Cloud Computing for Malicious Encrypted Traffic Analysis and Collaboration." International Journal of Grid and High Performance Computing 13, no. 3 (July 2021): 12–29. http://dx.doi.org/10.4018/ijghpc.2021070102.
Повний текст джерелаАнотація:
As the application of network encryption technology expands, malicious attacks will also be protected by encryption mechanism, increasing the difficulty of detection. This paper focuses on the analysis of encrypted traffic in the network by hosting long-day encrypted traffic, coupled with a weighted algorithm commonly used in information retrieval and SSL/TLS fingerprint to detect malicious encrypted links. The experimental results show that the system proposed in this paper can identify potential malicious SSL/TLS fingerprints and malicious IP which cannot be recognized by other external threat information providers. The network packet decryption is not required to help clarify the full picture of the security incident and provide the basis of digital identification. Finally, the new threat intelligence obtained from the correlation analysis of this paper can be applied to regional joint defense or intelligence exchange between organizations. In addition, the framework adopts Google cloud platform and microservice technology to form an integrated serverless computing architecture.
33
Pathmaperuma, Madushi H., Yogachandran Rahulamathavan, Safak Dogan, and Ahmet Kondoz. "CNN for User Activity Detection Using Encrypted In-App Mobile Data." Future Internet 14, no. 2 (February 21, 2022): 67. http://dx.doi.org/10.3390/fi14020067.
Повний текст джерелаАнотація:
In this study, a simple yet effective framework is proposed to characterize fine-grained in-app user activities performed on mobile applications using a convolutional neural network (CNN). The proposed framework uses a time window-based approach to split the activity’s encrypted traffic flow into segments, so that in-app activities can be identified just by observing only a part of the activity-related encrypted traffic. In this study, matrices were constructed for each encrypted traffic flow segment. These matrices acted as input into the CNN model, allowing it to learn to differentiate previously trained (known) and previously untrained (unknown) in-app activities as well as the known in-app activity type. The proposed method extracts and selects salient features for encrypted traffic classification. This is the first-known approach proposing to filter unknown traffic with an average accuracy of 88%. Once the unknown traffic is filtered, the classification accuracy of our model would be 92%.
34
Zheng, Juan, Zhiyong Zeng, and Tao Feng. "GCN-ETA: High-Efficiency Encrypted Malicious Traffic Detection." Security and Communication Networks 2022 (January 22, 2022): 1–11. http://dx.doi.org/10.1155/2022/4274139.
Повний текст джерелаАнотація:
Encrypted network traffic is the principal foundation of secure network communication, and it can help ensure the privacy and integrity of confidential information. However, it hides the characteristics of the data, increases the difficulty of detecting malicious traffic, and protects such malicious behavior. Therefore, encryption alone cannot fundamentally guarantee information security. It is also necessary to monitor traffic to detect malicious actions. At present, the more commonly used traffic classification methods are the method based on statistical features and the method based on graphs. However, these two methods are not always reliable when they are applied to the problem of encrypted malicious traffic detection due to their limitations. The former only focuses on the internal information of the network flow itself and ignores the external connections between the network flows. The latter is just the opposite. This paper proposes an encrypted malicious traffic detection method based on a graph convolutional network (GCN) called GCN-ETA, which considers the statistical features (internal information) of network flows and the structural information (external connections) between them. GCN-ETA consists of two parts: a feature extractor that uses an improved GCN and a classifier that uses a decision tree. Improving on the traditional GCN, the effect and speed of encrypted malicious traffic detection can be effectively improved and the deployment of the detection model in the real environment is increased, which provides a reference for the application of GCN in similar scenarios. This method has achieved excellent performance in experiments using real-world encrypted network traffic data for malicious traffic detection, with the accuracy, AUC, and F1-score exceeding 98% and more than 1,300 flows detected per second.
35
Taylor, Vincent F., Riccardo Spolaor, Mauro Conti, and Ivan Martinovic. "Robust Smartphone App Identification via Encrypted Network Traffic Analysis." IEEE Transactions on Information Forensics and Security 13, no. 1 (January 2018): 63–78. http://dx.doi.org/10.1109/tifs.2017.2737970.
Повний текст джерела
36
Karaçay, Leyli, Erkay Savaş, and Halit Alptekin. "Intrusion Detection Over Encrypted Network Data." Computer Journal 63, no. 4 (November 17, 2019): 604–19. http://dx.doi.org/10.1093/comjnl/bxz111.
Повний текст джерелаАнотація:
Abstract Effective protection against cyber-attacks requires constant monitoring and analysis of system data in an IT infrastructure, such as log files and network packets, which may contain private and sensitive information. Security operation centers (SOC), which are established to detect, analyze and respond to cyber-security incidents, often utilize detection models either for known types of attacks or for anomaly and applies them to the system data for detection. SOC are also motivated to keep their models private to capitalize on the models that are their propriety expertise, and to protect their detection strategies against adversarial machine learning. In this paper, we develop a protocol for privately evaluating detection models on the system data, in which privacy of both the system data and detection models is protected and information leakage is either prevented altogether or quantifiably decreased. Our main approach is to provide an end-to-end encryption for the system data and detection models utilizing lattice-based cryptography that allows homomorphic operations over ciphertext. We employ recent data sets in our experiments which demonstrate that the proposed privacy-preserving intrusion detection system is feasible in terms of execution times and bandwidth requirements and reliable in terms of accuracy.
37
Yang, Xiaoqing, Niwat Angkawisittpan, and Xinyue Feng. "Analysis of an enhanced random forest algorithm for identifying encrypted network traffic." EUREKA: Physics and Engineering, no. 5 (September 10, 2024): 201–12. http://dx.doi.org/10.21303/2461-4262.2024.003372.
Повний текст джерелаАнотація:
The focus of this paper is to apply an improved machine learning algorithm to realize the efficient and reliable identification and classification of network communication encrypted traffic, and to solve the challenges faced by traditional algorithms in analyzing encrypted traffic after adding encryption protocols. In this study, an enhanced random forest (ERF) algorithm is introduced to optimize the accuracy and efficiency of the identification and classification of encrypted network traffic. Compared with traditional methods, it aims to improve the identification ability of encrypted traffic and fill the knowledge gap in this field. Using the publicly available datasets and preprocessing the original PCAP format packets, the optimal combination of the relevant parameters of the tree was determined by grid search cross-validation, and the experimental results were evaluated in terms of performance using accuracy, precision, recall and F1 score, which showed that the average precision was more than 98 %, and that compared with the traditional algorithm, the error rate of the traffic test set was reduced, and the data of each performance evaluation index were better, which It shows that the advantages of the improved algorithm are obvious. In the experiment, the enhanced random forest and traditional random forest models were trained and tested on a series of data sets and the corresponding test errors were listed as the basis for judging the model quality. The experimental results show that the enhanced algorithm has good competitiveness. These findings have implications for cybersecurity professionals, researchers, and organizations, providing a practical solution to enhance threat detection and data privacy in the face of evolving encryption technologies. This study provides valuable insights for practitioners and decision-makers in the cybersecurity field
38
Fischer, Andreas, Benny Fuhry, Jörn Kußmaul, Jonas Janneck, Florian Kerschbaum, and Eric Bodden. "Computation on Encrypted Data Using Dataflow Authentication." ACM Transactions on Privacy and Security 25, no. 3 (August 31, 2022): 1–36. http://dx.doi.org/10.1145/3513005.
Повний текст джерелаАнотація:
Encrypting data before sending it to the cloud ensures data confidentiality but requires the cloud to compute on encrypted data. Trusted execution environments, such as Intel SGX enclaves, promise to provide a secure environment in which data can be decrypted and then processed. However, vulnerabilities in the executed program give attackers ample opportunities to execute arbitrary code inside the enclave. This code can modify the dataflow of the program and leak secrets via SGX side channels. Fully homomorphic encryption would be an alternative to compute on encrypted data without data leaks. However, due to its high computational complexity, its applicability to general-purpose computing remains limited. Researchers have made several proposals for transforming programs to perform encrypted computations on less powerful encryption schemes. Yet current approaches do not support programs making control-flow decisions based on encrypted data. We introduce the concept of dataflow authentication (DFAuth) to enable such programs. DFAuth prevents an adversary from arbitrarily deviating from the dataflow of a program. Our technique hence offers protections against the side-channel attacks described previously. We implemented two flavors of DFAuth, a Java bytecode-to-bytecode compiler, and an SGX enclave running a small and program-independent trusted code base. We applied DFAuth to a neural network performing machine learning on sensitive medical data and a smart charging scheduler for electric vehicles. Our transformation yields a neural network with encrypted weights, which can be evaluated on encrypted inputs in \( 12.55 \,\mathrm{m}\mathrm{s} \) . Our protected scheduler is capable of updating the encrypted charging plan in approximately 1.06 seconds.
39
Xu, Guoliang, Ming Xu, Yunzhi Chen, and Jiaqi Zhao. "A Mobile Application-Classifying Method Based on a Graph Attention Network from Encrypted Network Traffic." Electronics 12, no. 10 (May 20, 2023): 2313. http://dx.doi.org/10.3390/electronics12102313.
Повний текст джерелаАнотація:
Classifying mobile applications from encrypted network traffic is a common and basic requirement in network security and network management. Existing works classify mobile applications from flows, based on which application fingerprints and classifiers are created. However, mobile applications often generate concurrent flows with varying degrees of ties, such as low discriminative flows across applications and application-specific flows. So flow-based methods suffer from low accuracy. In this paper, a novel mobile application-classifying method is proposed, capturing relationships between flows and paying attention to their importance. To capture the inter-flow relationships, the proposed method slices raw mobile traffic into traffic chunks to represent flows as nodes, embeds statistical features into nodes, and adds edges according to cross-correlations between the nodes. To pay different attention to the various flows, the proposed method builds a deep learning model based on graph attention networks, implicitly assigning importance values to flows via graph attention layers. Compared to recently developed techniques on a large dataset with 101 popular apps using the Android platform, the proposed method improved by 4–20% for accuracy, precision, recall, and F1 score, and spent much less time training.
40
Huang, Yung-Fa, Chuan-Bi Lin, Chien-Min Chung, and Ching-Mu Chen. "Research on QoS Classification of Network Encrypted Traffic Behavior Based on Machine Learning." Electronics 10, no. 12 (June 8, 2021): 1376. http://dx.doi.org/10.3390/electronics10121376.
Повний текст джерелаАнотація:
In recent years, privacy awareness is concerned due to many Internet services have chosen to use encrypted agreements. In order to improve the quality of service (QoS), the network encrypted traffic behaviors are classified based on machine learning discussed in this paper. However, the traditional traffic classification methods, such as IP/ASN (Autonomous System Number) analysis, Port-based and deep packet inspection, etc., can classify traffic behavior, but cannot effectively handle encrypted traffic. Thus, this paper proposed a hybrid traffic classification (HTC) method based on machine learning and combined with IP/ASN analysis with deep packet inspection. Moreover, the majority voting method was also used to quickly classify different QoS traffic accurately. Experimental results show that the proposed HTC method can effectively classify different encrypted traffic. The classification accuracy can be further improved by 10% with majority voting as K = 13. Especially when the networking data are using the same protocol, the proposed HTC can effectively classify the traffic data with different behaviors with the differentiated services code point (DSCP) mark.
41
Deri, Luca, and Daniele Sartiano. "Using DPI and Statistical Analysis in Encrypted Network Traffic Monitoring." International Journal for Information Security Research 10, no. 1 (December 30, 2020): 932–43. http://dx.doi.org/10.20533/ijisr.2042.4639.2020.0107.
Повний текст джерела
42
Potter, Bruce. "Network flow analysis." Network Security 2007, no. 12 (December 2007): 18–19. http://dx.doi.org/10.1016/s1353-4858(07)70105-8.
Повний текст джерела
43
Dai, Xianlong, Guang Cheng, Ziyang Yu, Ruixing Zhu, and Yali Yuan. "MSLCFinder: An Algorithm in Limited Resources Environment for Finding Top-k Elephant Flows." Applied Sciences 13, no. 1 (December 31, 2022): 575. http://dx.doi.org/10.3390/app13010575.
Повний текст джерелаАнотація:
Encrypted traffic accounts for 95% of the total traffic in the backbone network environment with Tbps bandwidth. As network traffic becomes more and more encrypted and link rates increase in modern networks, the measurement of encrypted traffic relies more on collecting and analyzing massive network traffic data that can be separated from the support of high-speed network traffic measurement technology. Finding top-k elephant flows is a critical task with many applications in congestion control, anomaly detection, and traffic engineering. Owing to this, designing accurate and fast algorithms for online identification of elephant flows becomes more and more challenging. Existing methods either use large-size counters, i.e., 20 bit, to prevent overflows when recording flow sizes or require significant space overhead to measure the sizes of all flows. Thus, we adopt a novel strategy, called count-with-uth-level-sampling, in this paper, to find top-k elephant flows in limited resource environments. Moreover, the proposed algorithm, called MSLCFinder, incurs lightweight counter and uth-level multi-sampling with small, constant processing for millions of flows. Experimental results show that MSLCFinder can achieve more than 97% precision with an extremely limited hardware resource. Compared to the state-of-the-art, our method realizes the statistics and filtering of millions of data streams with less memory.
44
Chernov, Pavel, and Aleksander Shkaraputa. "Modification of the algorithm based on the Feistel network by adding an element of randomness into the encryption key." Вестник Пермского университета. Математика. Механика. Информатика, no. 1(52) (2021): 81–88. http://dx.doi.org/10.17072/1993-0550-2021-1-81-88.
Повний текст джерелаАнотація:
The article revealed the research of methods for constructing block ciphers and its advantages and disadvantages. The modified algorithm based on the Feistel network using Hamming codes and adding an element of randomness into the encryption key was proposed. Analysis of the main arameters of the algorithm in comparison with Feistel network was performed: resistance to cryptanalysis, execution time, increase in the volume of encrypted data. The analysis revealed the stronger resistance to cryptanalysis than the Feistel network, increased execution time and volume of encrypted data. The potential for building block ciphers based on the algorithm was explored.
45
Park, Jee-Tae, Chang-Yui Shin, Ui-Jun Baek, and Myung-Sup Kim. "Fast and Accurate Multi-Task Learning for Encrypted Network Traffic Classification." Applied Sciences 14, no. 7 (April 5, 2024): 3073. http://dx.doi.org/10.3390/app14073073.
Повний текст джерелаАнотація:
The classification of encrypted traffic plays a crucial role in network management and security. As encrypted network traffic becomes increasingly complicated and challenging to analyze, there is a growing need for more efficient and comprehensive analytical approaches. Our proposed method introduces a novel approach to network traffic classification, utilizing multi-task learning to simultaneously train multiple tasks within a single model. To validate the proposed method, we conducted experiments using the ISCX 2016 VPN/Non-VPN dataset, consisting of three tasks. The proposed method outperformed the majority of existing methods in classification with 99.29%, 97.38%, and 96.89% accuracy in three tasks (i.e., encapsulation, category, and application classification, respectively). The efficiency of the proposed method also demonstrated outstanding performance when compared to methods excluding lightweight models. The proposed approach demonstrates accurate and efficient multi-task classification on encrypted traffic.
46
Baldini, Gianmarco, José L. Hernandez-Ramos, Slawomir Nowak, Ricardo Neisse, and Mateusz Nowak. "Mitigation of Privacy Threats due to Encrypted Traffic Analysis through a Policy-Based Framework and MUD Profiles." Symmetry 12, no. 9 (September 22, 2020): 1576. http://dx.doi.org/10.3390/sym12091576.
Повний текст джерелаАнотація:
It has been proven in research literature that the analysis of encrypted traffic with statistical analysis and machine learning can reveal the type of activities performed by a user accessing the network, thus leading to privacy risks. In particular, different types of traffic (e.g., skype, web access) can be identified by extracting time based features and using them in a classifier. Such privacy attacks are asymmetric because a limited amount of resources (e.g., machine learning algorithms) can extract information from encrypted traffic generated by cryptographic systems implemented with a significant amount of resources. To mitigate privacy risks, studies in research literature have proposed a number of techniques, but in most cases only a single technique is applied, which can lead to limited effectiveness. This paper proposes a mitigation approach for privacy risks related to the analysis of encrypted traffic which is based on the integration of three main components: (1) A machine learning component which proactively analyzes the encrypted traffic in the network to identify potential privacy threats and evaluate the effectiveness of various mitigation techniques (e.g., obfuscation), (2) a policy based component where policies are used to enforce privacy mitigation solutions in the network and (3) a network node profile component based on the Manufacturer Usage Description (MUD) standard to enable changes in the network nodes in the cases where the first two components are not effective in mitigating the privacy risks. This paper describes the different components and how they interact in a potential deployment scenario. The approach is evaluated on the public dataset ISCXVPN2016 and the results show that the privacy threat can be mitigated significantly by removing completely the identification of specific types of traffic or by decreasing the probability of their identification as in the case of VOIP by 50%, Chat by 40% and Browsing by 33%, thus reducing significantly the privacy risk.
47
Guo, Maohua, and Jinlong Fei. "Website Fingerprinting Attacks Based on Homology Analysis." Security and Communication Networks 2021 (October 4, 2021): 1–14. http://dx.doi.org/10.1155/2021/6070451.
Повний текст джерелаАнотація:
Website fingerprinting attacks allow attackers to determine the websites that users are linked to, by examining the encrypted traffic between the users and the anonymous network portals. Recent research demonstrated the feasibility of website fingerprinting attacks on Tor anonymous networks with only a few samples. Thus, this paper proposes a novel small-sample website fingerprinting attack method for SSH and Shadowsocks single-agent anonymity network systems, which focuses on analyzing homology relationships between website fingerprinting. Based on the latter, we design a Convolutional Neural Network-Bidirectional Long Short-Term Memory (CNN-BiLSTM) attack classification model that achieves 94.8% and 98.1% accuracy in classifying SSH and Shadowsocks anonymous encrypted traffic, respectively, when only 20 samples per site are available. We also highlight that the CNN-BiLSTM model has significantly better migration capabilities than traditional methods, achieving over 90% accuracy when applied on a new set of monitored sites with only five samples per site. Overall, our experiments demonstrate that CNN-BiLSTM is an efficient, flexible, and robust model for website fingerprinting attack classification.
48
Guo, Maohua, and Jinlong Fei. "Website Fingerprinting Attacks Based on Homology Analysis." Security and Communication Networks 2021 (October 4, 2021): 1–14. http://dx.doi.org/10.1155/2021/6070451.
Повний текст джерелаАнотація:
Website fingerprinting attacks allow attackers to determine the websites that users are linked to, by examining the encrypted traffic between the users and the anonymous network portals. Recent research demonstrated the feasibility of website fingerprinting attacks on Tor anonymous networks with only a few samples. Thus, this paper proposes a novel small-sample website fingerprinting attack method for SSH and Shadowsocks single-agent anonymity network systems, which focuses on analyzing homology relationships between website fingerprinting. Based on the latter, we design a Convolutional Neural Network-Bidirectional Long Short-Term Memory (CNN-BiLSTM) attack classification model that achieves 94.8% and 98.1% accuracy in classifying SSH and Shadowsocks anonymous encrypted traffic, respectively, when only 20 samples per site are available. We also highlight that the CNN-BiLSTM model has significantly better migration capabilities than traditional methods, achieving over 90% accuracy when applied on a new set of monitored sites with only five samples per site. Overall, our experiments demonstrate that CNN-BiLSTM is an efficient, flexible, and robust model for website fingerprinting attack classification.
49
Liu, Xinlei. "Identification of Encrypted Traffic Using Advanced Mathematical Modeling and Computational Intelligence." Mathematical Problems in Engineering 2022 (August 22, 2022): 1–10. http://dx.doi.org/10.1155/2022/1419804.
Повний текст джерелаАнотація:
This paper proposed a hybrid approach for the identification of encrypted traffic based on advanced mathematical modeling and computational intelligence. Network traffic identification is the premise and foundation of improving network management, service quality, and application security. It is also the focus of network behavior analysis, network planning and construction, network anomaly detection, and network traffic model research. With the increase in user and service requirements, many applications use encryption algorithms to encrypt traffic during data transmission. As a result, traditional traffic classification methods classify encrypted traffic on the network, which brings great difficulties and challenges to network monitoring and data mining. In our article, a nonlinear modified DBN method is proposed and applied to encrypted traffic identification. Firstly, based on Deep Belief Networks (DBN), this paper introduces the proposed Eodified Elliott (ME)-DBN model, analyzes the function image, and presents the ME-DBN learning algorithm. Secondly, this article designs an encrypted traffic recognition model based on the ME-DBN model. Feature extraction is carried out by training the ME-DBN model, and finally, classification and recognition are carried out by the classifier. The experimental results on the ISCX VPN-non-VPN database show that the MEDBN method proposed in this article can enhance the classification and recognition rate and has better robustness to encrypt traffic recognition from different software.
50
Papadogiannaki, Eva, and Sotiris Ioannidis. "A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures." ACM Computing Surveys 54, no. 6 (July 2021): 1–35. http://dx.doi.org/10.1145/3457904.
Повний текст джерелаАнотація:
The adoption of network traffic encryption is continually growing. Popular applications use encryption protocols to secure communications and protect the privacy of users. In addition, a large portion of malware is spread through the network traffic taking advantage of encryption protocols to hide its presence and activity. Entering into the era of completely encrypted communications over the Internet, we must rapidly start reviewing the state-of-the-art in the wide domain of network traffic analysis and inspection, to conclude if traditional traffic processing systems will be able to seamlessly adapt to the upcoming full adoption of network encryption. In this survey, we examine the literature that deals with network traffic analysis and inspection after the ascent of encryption in communication channels. We notice that the research community has already started proposing solutions on how to perform inspection even when the network traffic is encrypted and we demonstrate and review these works. In addition, we present the techniques and methods that these works use and their limitations. Finally, we examine the countermeasures that have been proposed in the literature in order to circumvent traffic analysis techniques that aim to harm user privacy.