A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures

2021 ◽  
Vol 54 (6) ◽  
pp. 1-35
Author(s):  
Eva Papadogiannaki ◽  
Sotiris Ioannidis

The adoption of network traffic encryption is continually growing. Popular applications use encryption protocols to secure communications and protect the privacy of users. In addition, a large portion of malware is spread through the network traffic taking advantage of encryption protocols to hide its presence and activity. Entering into the era of completely encrypted communications over the Internet, we must rapidly start reviewing the state-of-the-art in the wide domain of network traffic analysis and inspection, to conclude if traditional traffic processing systems will be able to seamlessly adapt to the upcoming full adoption of network encryption. In this survey, we examine the literature that deals with network traffic analysis and inspection after the ascent of encryption in communication channels. We notice that the research community has already started proposing solutions on how to perform inspection even when the network traffic is encrypted and we demonstrate and review these works. In addition, we present the techniques and methods that these works use and their limitations. Finally, we examine the countermeasures that have been proposed in the literature in order to circumvent traffic analysis techniques that aim to harm user privacy.

2021 ◽  
Vol 12 (1) ◽  
pp. 155
Author(s):  
Chaeyeon Oh ◽  
Joonseo Ha ◽  
Heejun Roh

Recently, a majority of security operations centers (SOCs) have been facing a critical issue of increased adoption of transport layer security (TLS) encryption on the Internet, in network traffic analysis (NTA). To this end, in this survey article, we present existing research on NTA and related areas, primarily focusing on TLS-encrypted traffic to detect and classify malicious traffic with deployment scenarios for SOCs. Security experts in SOCs and researchers in academia can obtain useful information from our survey, as the main focus of our survey is NTA methods applicable to malware detection and family classification. Especially, we have discussed pros and cons of three main deployment models for encrypted NTA: TLS interception, inspection using cryptographic functions, and passive inspection without decryption. In addition, we have discussed the state-of-the-art methods in TLS-encrypted NTA for each component of a machine learning pipeline, typically used in the state-of-the-art methods.


2019 ◽  
Vol 2019 (2) ◽  
pp. 270-290
Author(s):  
Abdullah Qasem ◽  
Sami Zhioua ◽  
Karima Makhlouf

Traffic analysis is the process of extracting useful/sensitive information from observed network traffic. Typical use cases include malware detection and website fingerprinting attacks. High accuracy traffic analysis techniques use machine learning algorithms (e.g. SVM, kNN) and require to split the traffic into correctly separated blocks. Inspired by digital forensics techniques, we propose a new network traffic analysis approach based on similarity digest. The approach features several advantages compared to existing techniques, namely, fast signature generation, compact signature representation using Bloom filters, efficient similarity detection between packet traces of arbitrary sizes, and in particular dropping the traffic splitting requirement altogether. Experimental results show very promising results on VPN and malware traffic, but low results on Tor traffic due mainly to the single-size cells feature.


2020 ◽  
Vol 3 (4) ◽  
pp. 40-45
Author(s):  
Mohammad Hammoudeh ◽  
John Pimlott ◽  
Sana Belguith ◽  
Gregory Epiphaniou ◽  
Thar Baker ◽  
...  

2020 ◽  
Author(s):  
Sumit Kumari ◽  
Neetu Sharma ◽  
Prashant Ahlawat

Author(s):  
Ayush Bahuguna ◽  
Ankit Agrawal ◽  
Ashutosh Bhatia ◽  
Kamlesh Tiwari ◽  
Deepak Vishwakarma

2012 ◽  
Vol 26 ◽  
pp. 1-15 ◽  
Author(s):  
Juan L. Font ◽  
Daniel Cascado ◽  
José L. Sevillano ◽  
Fernando Díaz del Río ◽  
Gabriel Jiménez
