Robust Firewall Framework for Traffic-Analysis based Detection of Encrypted Traffic
The rapid growth of the Internet has allowed the development of traffic-intensive applications such as video streaming services. Understanding the composition of user traffic using traffic classification is a crucial step towards network optimization. Traffic Classification can be used to extract various types of useful information from a given traffic stream. Its most commonplace use is to classify traffic according to the type of protocol that is being used, but its applications can be extended to identifying the source or destination of the traffic. The main focus of this work is on the classification of encrypted video streaming traffic because of the widespread use of video streaming services and the administrative concern it raises. The project is developed to address the need for such a solution in a cost-effective fashion.
The main contribution of this project is a practical framework that uses Traffic Analysis (TA) for identifying sources of tunneled video streaming traffic. The key idea is to examine encrypted and tunneled video streaming traffic at a firewall that is located near the streaming client in order to identify undesirable traffic sources and to block or throttle traffic from such sources.
The major challenge of this work lies in the fact that the encrypted and tunneled traffic stream bears almost no identifying features. Information usually available to a firewall is encrypted, and the actual source/destination is concealed by the VPN tunnel. However, it has been proven that a residual amount of information can still be recovered despite the effort to mask the traffic. By picking effective features based on statistical signatures that emerge in the distribution of a large number of packets, identification of encrypted and tunneled traffic is still possible.
The choice of features and classification technique is key to the performance and scalability of the firewall framework. It is also the main focus of the research.
- Statistical features extracted from the metadata are essential for the firewall
- Advanced machine learning techniques, including deep neural networks, are used to extract knowledge from traffic
- The entire software/hardware package is a single device that is easily deployable to a variety of environments
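
The point made above, that packet sizes and timing still carry a statistical signature once payloads and endpoints are hidden, can be shown in code. This is an added illustration, not the authors' framework: the four features, the nearest-centroid classifier (standing in for the machine-learning stage), the `source_A`/`source_B` labels and the synthetic traces are all assumptions constructed for this example.

```python
import math
import random
from statistics import mean, pstdev

def features(packets, window=1.0):
    """packets: (timestamp_s, size_bytes) pairs for one tunneled downstream flow."""
    n_win = int(max(t for t, _ in packets) // window) + 1
    volume = [0] * n_win                      # bytes seen in each time window
    for t, size in packets:
        volume[int(t // window)] += size
    sizes = [s for _, s in packets]
    return [
        mean(volume) / 1e5,                   # average rate, scaled to order 1
        pstdev(volume) / 1e5,                 # burstiness of the rate
        sum(v == 0 for v in volume) / n_win,  # share of idle (OFF) windows
        sum(s >= 1400 for s in sizes) / len(sizes),  # share of near-MTU packets
    ]

def centroid(rows):
    return [mean(col) for col in zip(*rows)]

def classify(packets, centroids):
    """Return the label whose training centroid is closest in feature space."""
    f = features(packets)
    return min(centroids, key=lambda label: math.dist(f, centroids[label]))

def synth_trace(rng, period, burst_pkts, duration=60):
    """Constructed sample data: one burst of packets roughly every `period` s."""
    pkts, t0 = [], 0.0
    while t0 < duration:
        t = t0
        for _ in range(burst_pkts + rng.randint(-20, 20)):
            t += rng.uniform(0.0005, 0.0015)
            pkts.append((t, rng.choice([600, 1400, 1420, 1448])))
        t0 += period + rng.uniform(-0.3, 0.3)
    return pkts

def demo(seed=7):
    rng = random.Random(seed)
    profiles = {"source_A": (2, 150), "source_B": (10, 900)}  # hypothetical sources
    centroids = {label: centroid([features(synth_trace(rng, *p)) for _ in range(5)])
                 for label, p in profiles.items()}
    # Classify one fresh, unseen trace per source using metadata only.
    return {label: classify(synth_trace(rng, *p), centroids)
            for label, p in profiles.items()}

if __name__ == "__main__":
    print(demo())
```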
Y. Shi and S. Biswas, “Protocol-independent identification of encrypted video traffic sources using traffic analysis,” in IEEE International Conference on Communications (ICC’16), May 2016. [Online]. Available: http://dx.doi.org/10.1109/ICC.2016.7511096
Y. Shi and S. Biswas, “Characterization of traffic analysis based video stream source identification,” in 2015 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS). IEEE, Dec. 2015, pp. 1–6.
Y. Shi and S. K. Biswas, “Detecting tunneled video streams using traffic analysis,” in The Seventh International Conference on COMmunication Systems and NETworkS (COMSNETS 2015). IEEE, Jan. 2015. [Online]. Available: http://dx.doi.org/10.1109/comsnets.2015.7098675
Y. Shi and S. K. Biswas, “Website fingerprinting using traffic analysis of dynamic webpages,” in Globecom 2014 - Communication and Information System Security Symposium. IEEE, Dec. 2014. [Online]. Available: http://dx.doi.org/10.1109/GLOCOM.2014.7036866
- 428 S. Shaw Lane, Room 2120, East Lansing, MI 48824
- shiyan3 @ msu DOT edu