Mitigation of the effect of Standard Networks Attacks in SSL Encrypted Traffic by Encrypted Traffic Analysis

Muhammad Hamad, Muhammad Hanif Durad, Muhammad Yousaf

Abstract


With increased use of encryption, cyber threat landscape is changing. For general public this transition shifts to more private and safer internet experiences, but at the same time it is a serious concern for security personnel now. For them it hinders control over the traffic moving on their network and poses difficulty in traffic analysis and management. Security personals are interested in knowing how the network is being accessed, whether or not that traffic contains some malware and is safe enough and compliant with your organization’s policies. This project is not about decrypting the encrypted content of the packet’s payload as it will highly degrade network performance plus some advanced encryption algorithms like AES are assumed to be perfect. So the aim of this project is to analyze encrypted traffic and find out some interesting patterns without the need for bulk decryption. The analysis will be based on flow based features and metadata. Encrypted Traffic Analytics maintains the integrity of the encrypted flow and doesn’t affect the privacy of users.

Full Text:

PDF

References


Jason Liu, “A Guide for Encrypted Traffic Analytics,” 2017. [Online]. Available: https://blogs.cisco.com/enterprise/a-guide-for-encrypted-traffic-analytics. [Accessed: 25-Sep-2018].

Cisco, I. O. S. (2008). NetFlow.

Claise, B., Sadasivan, G., Valluri, V., & Djernaes, M. (2004). Cisco systems netflow services export version 9..

Sommer, R., & Feldmann, A. (2002, November). NetFlow: Information loss or win?. In Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment (pp. 173-174)..

“Hackborn, D. K., Bort, D. P., Onorato, J. M., Bornstein, D. R., McFadden, A. T., Swetland, B. J., & Cannings, R. G. (2013). U.S. Patent No. 8,589,691. Washington, DC: U.S. Patent and Trademark Office.

Biasini, N., Esler, J., Herbert, N., Mercer, W., Olney, M., Taylor, M., & Williams, C. (2015). Threat spotlight: Cisco talos thwarts access to massive international exploit kit generating $60 m annually from ransomware alone. Cisco Talos. Retrieved from http://www. talosintel. com/angler-exposed.

Szigeti, T., Zacks, D., Falkner, M., & Arena, S. (2018). Cisco Digital Network Architecture: Intent-based Networking for the Enterprise. Cisco Press..

Sudozai, M. A. K., & Saleem, S. (2018, January). Profiling of secure chat and calling apps from encrypted traffic. In 2018 15th International Bhurban Conference on Applied Sciences and Technology (IBCAST) (pp. 502-508). IEEE..

Sanders, C. (2017). Practical packet analysis: Using Wireshark to solve real-world network problems. No Starch Press..

Chapell, L. (2010). Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide, Protocol Analysis Institute. EE. UU. Editorial Chapell University.

Orebaugh, A., Ramirez, G., & Beale, J. (2006). Wireshark & Ethereal network protocol analyzer toolkit. Elsevier.

Prasse, P., Machlica, L., Pevný, T., Havelka, J., & Scheffer, T. (2017, May). Malware detection by analysing network traffic with neural networks. In 2017 IEEE Security and Privacy Workshops (SPW) (pp. 205-210). IEEE.

Greff, K., Srivastava, R. K., Koutník, J., Steunebrink, B. R., & Schmidhuber, J. (2016). LSTM: A search space odyssey. IEEE transactions on neural networks and learning systems, 28(10), 2222-2232.

Alshammari, R., & Zincir-Heywood, A. N. (2009, July). Machine learning based encrypted traffic classification: Identifying ssh and skype. In 2009 IEEE symposium on computational intelligence for security and defense applications (pp. 1-8). IEEE.

Hu, W., Hu, W., & Maybank, S. (2008). Adaboost-based algorithm for network intrusion detection. IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics), 38(2), 577-583.

Schölkopf, B., Smola, A. J., & Bach, F. (2002). Learning with kernels: support vector machines, regularization, optimization, and beyond. MIT press.

Murphy, K. P. (2006). Naive bayes classifiers. University of British Columbia, 18, 60..

Quinlan, J. R. (2014). C4. 5: programs for machine learning. Elsevier.

Anderson, B., & McGrew, D. (2016, October). Identifying encrypted malware traffic with contextual flow data. In Proceedings of the 2016 ACM workshop on artificial intelligence and security (pp. 35-46).

Morrissey, P., Smart, N. P., & Warinschi, B. (2008, December). A modular security analysis of the TLS handshake protocol. In International Conference on the Theory and Application of Cryptology and Information Security (pp. 55-73). Springer, Berlin, Heidelberg. [21] E. Rescorla, “Http over tls,” 2000.

Garcia, S., Grill, M., Stiborek, J., & Zunino, A. (2014). An empirical comparison of botnet detection methods. computers & security, 45, 100-123.

Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., ... & Vanderplas, J. (2011). Scikit-learn: Machine learning in Python. the Journal of machine Learning research, 12, 2825-2830..




DOI: http://dx.doi.org/10.21015/vtm.v8i1.578

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.