early online classification of encrypted traffic streams
play

Early online classification of encrypted traffic streams using - PowerPoint PPT Presentation

Dec 06, 2023 •227 likes •629 views

Early online classification of encrypted traffic streams using multi-fractal features Erik Arestrm, Linkping University Niklas Carlsson, Linkping University Motivation and problem Early flow classification is important for network

  1. Early online classification of encrypted traffic streams using multi-fractal features Erik Areström, Linköping University Niklas Carlsson, Linköping University

  2. Motivation and problem • Early flow classification is important for network Problem: Individual content provider that wants to minimize its operators in order to operate network at high delivery costs under the assumptions that utilization while still providing good quality of • the storage and bandwidth resources it requires are elastic , experience for the users • the content provider only pays for the resources that it consumes , and • costs are proportional to the resource usage. 2

  3. Motivation and problem • Early flow classification is important for network Problem: Individual content provider that wants to minimize its operators in order to operate network at high delivery costs under the assumptions that utilization while still providing good quality of • the storage and bandwidth resources it requires are elastic , experience for the users • the content provider only pays for the resources that it consumes , and • End-to-end encryption render traditional deep • costs are proportional to the resource usage. packet inspection techniques useless 3

  4. Motivation and problem • Early flow classification is important for network Problem: Individual content provider that wants to minimize its operators in order to operate network at high delivery costs under the assumptions that utilization while still providing good quality of • the storage and bandwidth resources it requires are elastic , experience for the users • the content provider only pays for the resources that it consumes , and • End-to-end encryption render traditional deep • costs are proportional to the resource usage. packet inspection techniques useless • Most flow classification approaches are unable to properly capture the non-linear characteristics of network flows 4

  5. Motivation and problem • Early flow classification is important for network Problem: Individual content provider that wants to minimize its operators in order to operate network at high delivery costs under the assumptions that utilization while still providing good quality of • the storage and bandwidth resources it requires are elastic , experience for the users • the content provider only pays for the resources that it consumes , and • End-to-end encryption render traditional deep • costs are proportional to the resource usage. packet inspection techniques useless • Most flow classification approaches are unable to properly capture the non-linear characteristics of network flows • Problem: Current classification methods are too slow or inaccurate to benefit network operators 5

  6. Contributions • A man-in-the-middle based evaluation framework, utilizing the multi-fractal features of encrypted traffic flows to diffrentiate application types

  7. Contributions • A man-in-the-middle based evaluation framework, utilizing the multi-fractal features of encrypted traffic flows to diffrentiate application types • Early traffic categorization via tuning of said framwork achieving F1-scores of 0.814 after only 5 seconds, using only multi-fractal features

  8. Contributions • A man-in-the-middle based evaluation framework, utilizing the multi-fractal features of encrypted traffic flows to diffrentiate application types • Early traffic categorization via tuning of said framwork achieving F1-scores of 0.814 after only 5 seconds, using only multi-fractal features • In-class categorization of live video versus video on demand delivered from the same services, using only multi-fractal features

  9. High-level categorization Application categories Example service Video streaming Youtube Web browsing Reddit Social media Facebook Audio communication Skype Text communication Messenger Bulk download Google Play

  10. System model Network Traffic Flow

  11. System model Feature Extractor Network Packet Traffic Arrival Flow Times

  12. System model Feature Extractor Network Model Packet Traffic Multi-fractal Arrival Flow features Times

  13. System model Feature Extractor Network Model Packet Traffic Multi-fractal Arrival Flow features Times Network Flow Classification Result Utilization Optimizer

  14. System model Our Focus Feature Extractor Network Model Packet Traffic Multi-fractal Arrival Flow features Times Network Flow Classification Result Utilization Optimizer

  15. System model Trusted Proxy Network Traffic Network Traffic

  16. System model Trusted Proxy Automatic Instrumentation Commands Network Traffic Network Traffic Packet Arrival The samples Times

  17. Feature ext xtraction

  18. Feature ext xtraction • Given a time series repesenting the arrival of a packet in a timeslot, calculate the wavelet coefficients for different scales of the signal using the Discrete Wavelet Transform

  19. Feature ext xtraction • Given a time series repesenting the arrival of a packet in a timeslot, calculate the wavelet coefficients for different scales of the signal using the Discrete Wavelet Transform • Extract the time- or space localized suprema of the coefficents, the so called wavelet leaders

  20. Feature ext xtraction • Given a time series repesenting the arrival of a packet in a timeslot, calculate the wavelet coefficients for different scales of the signal using the Discrete Wavelet Transform • Extract the time- or space localized suprema of the coefficents, the so called wavelet leaders • Form a multi-resolution structure function to estimate the scaling exponents by regression

  21. Feature ext xtraction • Given a time series repesenting the arrival of a packet in a timeslot, calculate the wavelet coefficients for different scales of the signal using the Discrete Wavelet Transform • Extract the time- or space localized suprema of the coefficents, the so called wavelet leaders • Form a multi-resolution structure function to estimate the scaling exponents by regression • Derive the Hausdorff dimensions and corresponding Holder Exponents for the signal

  22. Feature ext xtraction • Given a time series repesenting the arrival of a packet in a timeslot, calculate the wavelet coefficients for different scales of the signal using the Discrete Wavelet Transform • Extract the time- or space localized suprema of the coefficents, the so called wavelet leaders • Form a multi-resolution structure function to estimate the scaling exponents by regression • Derive the Hausdorff dimensions and corresponding Holder Exponents for the signal The multi-fractal features, representing how the observed self-similiarty of the signal changes over time

  23. Building the model • The collection of samples were randomly split into two parts, half the samples were used to build the model Model Multi-fractal features

  24. Building the model • The collection of samples were randomly split into two parts, half the samples were used to build the model • Multiple Binary Support Vector Machine classifiers were used, fitting the maximun margin separating hyperplane between each class of data SVM with radial basis kernel function Model Multi-fractal features

  25. Evaluation (t (t = 20 s) F1- Class score Audio 0.98 Communication Bulk Download 0.99 Text 0.96 Communication

  26. Evaluation (t (t = 20 s) F1- Class score Audio 0.98 Communication Bulk Download 0.99 Text 0.96 Communication Social Media 0.90 Video 0.96 Web 0.96

  27. Evaluation (t (t = 20 s) F1- Class score Audio 0.98 Communication Bulk Download 0.99 Text 0.96 Communication Social Media 0.90 Video 0.96 Web 0.96

  28. T-SNE visualization

  29. Early classification Duration F1-score Precision Recall 20 seconds 0.958 0.958 0.958

  30. Early classification Duration F1-score Precision Recall 20 seconds 0.958 0.958 0.958 15 seconds 0.892 0.891 0.894 10 seconds 0.844 0.838 0.851

  31. Early classification Duration F1-score Precision Recall 20 seconds 0.958 0.958 0.958 15 seconds 0.892 0.891 0.894 10 seconds 0.844 0.838 0.851 5 seconds 0.814 0.823 0.805

  32. Early classification Duration F1-score Precision Recall 20 seconds 0.958 0.958 0.958 15 seconds 0.892 0.891 0.894 10 seconds 0.844 0.838 0.851 5 seconds 0.814 0.823 0.805 2.5 seconds 0.631 0.594 0.673

  33. Early classification Duration F1-score Precision Recall 20 seconds 0.958 0.958 0.958 15 seconds 0.892 0.891 0.894 10 seconds 0.844 0.838 0.851 5 seconds 0.814 0.823 0.805 2.5 seconds 0.631 0.594 0.673 2 seconds 0.409 0.404 0.415 1 second 0.214 0.202 0.228 Randomly picking one category: 1/6 ≈ 0.167

  34. Im Impact of f added variance in the dataset. • All packet arrival instances in the evaulation set were perturbed according to a normal distribution: Ɲ (0, 𝜏) σ 10 25 50 100 250 500 1000 F1- 0.952 0.942 0.925 0.927 0.891 0.834 0.695 score

  35. Im Impact of f added variance in the dataset. • All packet arrival instances in the evaulation set were perturbed according to a normal distribution: Ɲ (0, 𝜏) σ 10 25 50 100 250 500 1000 F1- 0.952 0.942 0.925 0.927 0.891 0.834 0.695 score 31.8% of the packets arrivals move by more than ± 0.5 seconds

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Effective and Real-time In-App Activity Analysis in Encrypted Internet Traffic Streams Junming

Effective and Real-time In-App Activity Analysis in Encrypted Internet Traffic Streams Junming

Effective and Real-time In-App Activity Analysis in Encrypted Internet Traffic Streams Junming Liu Yanjie Fu, Jingci Ming, Yong Ren Leilei Sun, Hui Xiong Rutgers University, USA Futurewei Technology. Inc,. USA Background 2/27 Explosive

297 views • 26 slides
A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic

A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic

A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic Tejmani Sinam, Irengbam Tilokchan Singh, Sukumar Nandi Pradeep Lamabam, Ngasham Nandarani Devi Department of Computer Science and Engineering,

231 views • 6 slides
Traffic Classification in the Fog Scott E. Coull February 23, 2006 Overview What is traffic

Traffic Classification in the Fog Scott E. Coull February 23, 2006 Overview What is traffic

Traffic Classification in the Fog Scott E. Coull February 23, 2006 Overview What is traffic classification? Communities of Interest for classification BLINC Profiling Internet Backbone Traffic What is missing here? Traffic

965 views • 81 slides
Need for Classification Classification required To isolate traffic of interest

Need for Classification Classification required To isolate traffic of interest

Need for Classification Classification required To isolate traffic of interest Classification of Internet Traffic To treat special types of traffic in a different manner Some types of classification already seen in Alok

371 views • 9 slides
Controlling False Alarm/Discovery Rates in Online Internet Traffic Flow Classification Daniel

Controlling False Alarm/Discovery Rates in Online Internet Traffic Flow Classification Daniel

Controlling False Alarm/Discovery Rates in Online Internet Traffic Flow Classification Daniel Nechay, Yvan Pointurier and Mark Coates McGill University Department of Electrical and Computer Engineering Montreal, Quebec, Canada April 22, 2009

515 views • 24 slides
Encrypted DNS Privacy? A Traffic Analysis Perspective Sandra Siby, Marc Juarez, Claudia

Encrypted DNS Privacy? A Traffic Analysis Perspective Sandra Siby, Marc Juarez, Claudia

Encrypted DNS Privacy? A Traffic Analysis Perspective Sandra Siby, Marc Juarez, Claudia Diaz, Narseo Vallina-Rodriguez, Carmela Troncoso NDSS, 25 February 2020 Encrypted DNS > Privacy? Can encrypting DNS protect users from tra ffi

533 views • 40 slides
Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification,

Rendezvous-based Traffic Rendezvous-based Traffic Classification, Measurement, Classification, Measurement, and Analysis and Analysis ISC/CAIDA Data Collaboration Workshop October 22, 2012 David Plonka & Paul Barford

1.33k views • 26 slides
Machine Learning Classification over Encrypted Data Raphal Bost Raluca Ada Popa,

Machine Learning Classification over Encrypted Data Raphal Bost Raluca Ada Popa,

Machine Learning Classification over Encrypted Data Raphal Bost Raluca Ada Popa, Universit Rennes 1 ETH Zrich MIT MIT Stephen Tu Shafi Goldwasser MIT MIT Classification (Machine Learning) Supervised learning (training)

1.3k views • 29 slides
FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic Thijs van Ede ,

FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic Thijs van Ede ,

FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic Thijs van Ede , Riccardo Bortolameotti, Andrea Continella, Jingjing Ren, Daniel J. Dubois, Martina Lindorfer, David Choffnes, Maarten van Steen and Andreas Peter

771 views • 51 slides
Machine Learning Classification over Encrypted Data Raphael Bost, Raluca Ada Popa, Stephen Tu,

Machine Learning Classification over Encrypted Data Raphael Bost, Raluca Ada Popa, Stephen Tu,

Machine Learning Classification over Encrypted Data Raphael Bost, Raluca Ada Popa, Stephen Tu, Shafi Goldwasser Classification (Machine Learning) Supervised learning (training) Classification data classification training model

1.29k views • 54 slides
Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue

Traffic Classifier Real Time Classification and Analysis of T1/E1 Traffic 818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878 Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com Website: http://www.gl.com 1 1 Traffic

228 views • 11 slides
Poster: Feasibility of Malware Traffic Analysis through TLS-Encrypted Flow Visualization IEEE

Poster: Feasibility of Malware Traffic Analysis through TLS-Encrypted Flow Visualization IEEE

Poster: Feasibility of Malware Traffic Analysis through TLS-Encrypted Flow Visualization IEEE International Conference on Network Protocols 2020 October 13-16, 2020 Dongeon Kim, Jihun Han , Jinwoo Lee, Heejun Roh Korea University Sejong Campus,

896 views • 11 slides
Data Streams Many large sources of data are generated as streams of updates: IP Network

Data Streams Many large sources of data are generated as streams of updates: IP Network

Summarizing and Mining Skewed Data Streams Graham Cormode cormode@bell-labs.com Flip Korn, S. Muthukrishnan, Divesh Srivastava Data Streams Many large sources of data are generated as streams of updates: IP Network traffic data Text:

485 views • 44 slides
Pattern Matching on Encrypted Streams Nicolas Desmoulins Pierre-Alain Fouque Cristina Onete

Pattern Matching on Encrypted Streams Nicolas Desmoulins Pierre-Alain Fouque Cristina Onete

Pattern Matching on Encrypted Streams Nicolas Desmoulins Pierre-Alain Fouque Cristina Onete Orange Labs Universit e de Rennes Universit e de Limoges Olivier Sanders Orange Labs Asiacrypt 2018, December 03, 2018 Agenda Context

794 views • 31 slides
Data Streams Many large sources of data are generated as streams of updates: IP Network

Data Streams Many large sources of data are generated as streams of updates: IP Network

Summarizing and Mining Skewed Data Streams Graham Cormode cormode@bell-labs.com S. Muthukrishnan muthu@cs.rutgers.edu Data Streams Many large sources of data are generated as streams of updates: IP Network traffic data Text: email/

535 views • 20 slides
Traffic Classification Rotsos Charalampos , Jurgen Van Gael, Andrew W. Moore, Zoubin Ghahramani

Traffic Classification Rotsos Charalampos , Jurgen Van Gael, Andrew W. Moore, Zoubin Ghahramani

Probabilistic Graphical Models for Semi-Supervised Traffic Classification Rotsos Charalampos , Jurgen Van Gael, Andrew W. Moore, Zoubin Ghahramani Computer Laboratory and Engineering Department, University of Cambridge Traffic classification

257 views • 21 slides
Empirical Mode Decomposition, Lifting and Block Wavelet Transform April 9 Empirical Mode

Empirical Mode Decomposition, Lifting and Block Wavelet Transform April 9 Empirical Mode

Empirical Mode Decomposition, Lifting and Block Wavelet Transform April 9 Empirical Mode Decomposition (EMD) Given x(t), decompose it as follows Where c j (t) are the intrinsic mode functions (IMF) and r n (t) is the residual

474 views • 8 slides
type of artificial neural network techniques Amir Shokri Amirsh.nll@gmail.com a b s t r a c t

type of artificial neural network techniques Amir Shokri Amirsh.nll@gmail.com a b s t r a c t

Fast auralization using radial basis functions type of artificial neural network techniques Amir Shokri Amirsh.nll@gmail.com a b s t r a c t This work presents a new technique to produce fast and reliable auralizations with a computer code

559 views • 31 slides
Precomputed Light Transport Indirect Lighting Many indirect lighting effects are subtle, yet

Precomputed Light Transport Indirect Lighting Many indirect lighting effects are subtle, yet

Precomputed Light Transport Indirect Lighting Many indirect lighting effects are subtle, yet crucial for visual realism. Examples are: Soft shadow Ambient occlusion 1 Ambient Occlusion Ambient light is a very crude

326 views • 11 slides
Edge detection in JPEG2000 Wavelet Domain - Analysis on Sigmoid Function Edge Model Vytenis

Edge detection in JPEG2000 Wavelet Domain - Analysis on Sigmoid Function Edge Model Vytenis

Edge detection in JPEG2000 Wavelet Domain - Analysis on Sigmoid Function Edge Model Vytenis PUNYS, Ramunas MAKNICKAS Dept. Multimedia Engineering Kaunas University of Technology, LITHUANIA MIE 2011, Oslo August 31, 2011 Whole Slide

461 views • 16 slides
Iteratively Reweighted 1 Approaches to Sparse Composite Regularization Phil Schniter Joint

Iteratively Reweighted 1 Approaches to Sparse Composite Regularization Phil Schniter Joint

Iteratively Reweighted 1 Approaches to Sparse Composite Regularization Phil Schniter Joint work with Prof. Rizwan Ahmad (OSU) Supported in part by NSF grant CCF-1018368. MATHEON Conf. on Compressed Sensing and its Applications TU-Berlin

308 views • 29 slides
LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami

LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami

LDP Typed Wildcard PW FEC Elements draft-raza-pwe3-pw-typed-wc-fec-00.txt Kamran Raza Sami Boutros Background Label Distribution Protocol (LDP) [RFC5036] defines the general notion of a "Typed Wildcard Forwarding Equivalence Class

308 views • 6 slides
Overcoming the Challenges of Obesity Management in Primary Care Learning Objectives Discuss

Overcoming the Challenges of Obesity Management in Primary Care Learning Objectives Discuss

Traversing the Chasm: Overcoming the Challenges of Obesity Management in Primary Care Learning Objectives Discuss the benefits of weight loss with persons who are candidates for medical management of obesity Discuss weight loss goals

704 views • 25 slides
Weakening Aggregated Traffic of Weakening Aggregated Traffic of DHCP Discover Messages draft

Weakening Aggregated Traffic of Weakening Aggregated Traffic of DHCP Discover Messages draft

Weakening Aggregated Traffic of Weakening Aggregated Traffic of DHCP Discover Messages draft yang sunset4 weaken dhcp 00 draft yang sunset4 weaken dhcp 00 Tianle Yang, Lianyuan Li, Qiongfang Ma China Mobile China Mobile

535 views • 12 slides

More recommend