Monitoring IoT Encrypted Traffic with Deep Packet Inspection and Statistical Analysis

2020 ◽  
Author(s):  
Luca Deri ◽  
Daniele Sartiano
Keyword(s):  
Statistical Analysis ◽  
Deep Packet Inspection ◽  
Packet Inspection ◽  
Encrypted Traffic

scholarly journals Research on QoS Classification of Network Encrypted Traffic Behavior Based on Machine Learning

Electronics ◽  
2021 ◽  
Vol 10 (12) ◽  
pp. 1376
Author(s):  
Yung-Fa Huang ◽  
Chuan-Bi Lin ◽  
Chien-Min Chung ◽  
Ching-Mu Chen
Keyword(s):  
Machine Learning ◽  
Majority Voting ◽  
Deep Packet Inspection ◽  
Traffic Classification ◽  
K 13 ◽  
Packet Inspection ◽  
Majority Voting Method ◽  
Encrypted Traffic ◽  
Traffic Behavior

In recent years, privacy awareness is concerned due to many Internet services have chosen to use encrypted agreements. In order to improve the quality of service (QoS), the network encrypted traffic behaviors are classified based on machine learning discussed in this paper. However, the traditional traffic classification methods, such as IP/ASN (Autonomous System Number) analysis, Port-based and deep packet inspection, etc., can classify traffic behavior, but cannot effectively handle encrypted traffic. Thus, this paper proposed a hybrid traffic classification (HTC) method based on machine learning and combined with IP/ASN analysis with deep packet inspection. Moreover, the majority voting method was also used to quickly classify different QoS traffic accurately. Experimental results show that the proposed HTC method can effectively classify different encrypted traffic. The classification accuracy can be further improved by 10% with majority voting as K = 13. Especially when the networking data are using the same protocol, the proposed HTC can effectively classify the traffic data with different behaviors with the differentiated services code point (DSCP) mark.

scholarly journals Analysis of Lightweight Feature Vectors for Attack Detection in Network Traffic

2018 ◽  
Vol 8 (11) ◽  
pp. 2196 ◽  
Author(s):  
Fares Meghdouri ◽  
Tanja Zseby ◽  
Félix Iglesias
Keyword(s):  
Past Research ◽  
Attack Detection ◽  
Supervised Machine Learning ◽  
Deep Packet Inspection ◽  
Feature Vectors ◽  
Malicious Activity ◽  
Network Communications ◽  
Packet Length ◽  
Packet Inspection ◽  
Encrypted Traffic

The consolidation of encryption and big data in network communications have made deep packet inspection no longer feasible in large networks. Early attack detection requires feature vectors which are easy to extract, process, and analyze, allowing their generation also from encrypted traffic. So far, experts have selected features based on their intuition, previous research, or acritically assuming standards, but there is no general agreement about the features to use for attack detection in a broad scope. We compared five lightweight feature sets that have been proposed in the scientific literature for the last few years, and evaluated them with supervised machine learning. For our experiments, we use the UNSW-NB15 dataset, recently published as a new benchmark for network security. Results showed three remarkable findings: (1) Analysis based on source behavior instead of classic flow profiles is more effective for attack detection; (2) meta-studies on past research can be used to establish satisfactory benchmarks; and (3) features based on packet length are clearly determinant for capturing malicious activity. Our research showed that vectors currently used for attack detection are oversized, their accuracy and speed can be improved, and are to be adapted for dealing with encrypted traffic.

Efficient Regular Expression Compression Algorithm for Deep Packet Inspection

2009 ◽  
Vol 20 (8) ◽  
pp. 2214-2226 ◽  
Author(s):  
Qian XU ◽  
Yue-Peng E ◽  
Jing-Guo GE ◽  
Hua-Lin QIAN
Keyword(s):  
Regular Expression ◽  
Compression Algorithm ◽  
Deep Packet Inspection ◽  
Packet Inspection
Sign in / Sign up

Export Citation Format

Share Document