Investigation of Encrypted and Obfuscated Network Traffic Utilizing Machine Learning

Kay Boldt, Kenneth B. Kent, Rainer Herpers
Accepted to EVOKE CASCON Conference, Toronto, Canada - nov 2020

Abstract

This paper utilizes machine learning to investigate the classification of encryption applied to network traffic and the underlying activities. It is firstly motivated by the difficulty of traditional traffic classification caused by additional encryption as ports and headers are hidden. Secondly, the results also present the effectiveness of currently available privacy-enhancing technologies. A new dataset is created, containing Pure (without additional encryption), Tor, Tor with obfuscation, VPN and VPN+Tor network traffic. Additionally, there are five different activities performed during each kind of traffic recording, namely audio streaming, browsing, P2P/SFTP file transfers and video conferencing. The traffic is classified by extracting features based on flows calculated by ARGUS and CICFlowMeter, combining three classifiers with seven feature selection algorithms. The results for the classification of the encryption clearly indicate the possibility of using this detection system in a modified fashion within a practical application. For the detection of activities inside encrypted network traffic, the results show that the disguise is ineffective. Overall, this reveals the need to improve the resistance of commonly used techniques for the protection of network traffic against machine learning.

BibTex references

@InProceedings{BKH20,
  author       = {Boldt, Kay and Kent, Kenneth B. and Herpers, Rainer},
  title        = {Investigation of Encrypted and Obfuscated Network Traffic Utilizing Machine Learning},
  booktitle    = {Accepted to EVOKE CASCON Conference, Toronto, Canada},
  month        = {nov},
  year         = {2020},
}

Other publications in the database

» Kenneth B. Kent
» Rainer Herpers