Tell them from me: an encrypted application profiler
Author: | Mohammad Saiful Islam Mamun, Rongxing Lu, Manon Gaudet |
---|---|
Language: | English |
Year of publication: | 2019 |
Subject: | user profiling; machine learning; cybersecurity; Computer science; business.industry; Payload; 020206 networking & telecommunications; 02 engineering and technology; Data_CODINGANDINFORMATIONTHEORY; Encryption; Flow network; Proof of concept; Passive network monitoring; 0202 electrical engineering, electronic engineering, information engineering; Entropy (information theory); 020201 artificial intelligence & image processing; encrypted application; Internet users; business; Ip address; Computer network |
Source: | Network and System Security ISBN: 9783030369378 NSS |
Description: | Profiling internet users associated with encrypted applications has been a long-standing challenging issue that helps to identify targeted users’ interests. This paper proposes a machine-learning-based solution for creating encrypted application signatures without relying on any certain assumptions on the underlying network infrastructure such as IP address, port number, or network flow characteristics. These application signatures can later be used with passive network monitoring for profiling targeted users in terms of selected application usage such as Facebook and Tor. We propose a proof of concept (PoC) framework with effective features to identify (i) encrypted payloads from any network traffic, and (ii) targeted applications, such as Tor and Skype, for which the model is trained. Our study shows that using classical Shannon’s entropy alone can help recognize encrypted payload, but may not help identify particular application payloads. We design features based on standard encoding (e.g., UTF-8), entropy (e.g., Shannon entropy, BiEntropy), and payload size, so that machine learning algorithms can be used to identify encrypted applications. Series: Lecture Notes in Computer Science |
Database: | OpenAIRE |