  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

An Investigation of a Multi-Objective Genetic Algorithm applied to Encrypted Traffic Identification

Bacquet, Carlos 10 August 2010
This work explores the use of a Multi-Objective Genetic Algorithm (MOGA) for both feature selection and cluster count optimization for an unsupervised machine learning technique, K-Means, applied to encrypted traffic identification (SSH). The performance of the proposed model is benchmarked against other unsupervised learning techniques existing in the literature: Basic K-Means, semi-supervised K-Means, DBSCAN, and EM. Results show that the proposed MOGA not only outperforms the other models, but also provides a good trade-off in terms of detection rate, false positive rate, and time to build and run the model. A hierarchical version of the proposed model is also implemented to observe the gains, if any, obtained by increasing cluster purity by means of a second layer of clusters. Results show that with the hierarchical MOGA, significant gains are observed in terms of the classification performance of the system.
2

Rozšíření NetFlow záznamů pro zlepšení možností klasifikace šifrovaného provozu / Extending NetFlow Records for Increasing Encrypted Traffic Classification Capabilities

Šuhaj, Peter January 2020
The master's thesis deals with the selection of attributes suitable for classification of encrypted traffic, with the extension of NetFlow entries with these attributes, and with creating a tool for classifying encrypted TLS traffic. The following attributes were selected: size of packets, inter-packet arrival times, number of packets in flow and size of the flow. Selection of attributes was followed by the design of extending NetFlow records with these attributes for classifying encrypted traffic. The extension of records was implemented in C for the exporter of the company Flowmon Networks a.s. The classifier for the collector was implemented in Python. The classifier is based on a model, for which training data were needed. The exporter contains the classifying algorithm too; the place of the classification can be set. The implementation was followed by creation of testing data and evaluation of the accuracy. The speed of the classifier was tested too. In the best-case scenario 47% accuracy was achieved.
3

Encrypted Traffic Analysis on Smart Speakers with Deep Learning

Kennedy, Sean M. 21 October 2019
No description available.
4

State-of-the-art Intrusion Detection: Technology, Challenges, and Evaluation.

Peddisetty, Naga Raju January 2005
Due to the invention of automated hacking tools, hacking is not a black art anymore. Even script kiddies can launch attacks in a few seconds. Therefore, there is a great emphasis on security to protect the resources from camouflage. An Intrusion Detection System is also one weapon in the security arsenal. It is the process of monitoring and analyzing information sources in order to detect vicious traffic. With its unique capabilities like monitoring, analyzing, detecting and archiving, IDS assists organizations to combat threats, to have a snapshot of the networks, and to conduct forensic analysis. Unfortunately there are myriad products in the market. Selecting a right product at time is difficult. Due to the widespread rumors and paranoia, in this work I have presented the state-of-the-art IDS technologies, assessed the products, and evaluated them. I have also presented some of the novel challenges that IDS products are suffering. This work will be a great help for pursuing IDS technology and for deploying Intrusion Detection Systems in an organization. It also gives in-depth knowledge of the present IDS challenges.
5

State-of-the-art Intrusion Detection: Technology, Challenges, and Evaluation.

Peddisetty, Naga Raju January 2005
Due to the invention of automated hacking tools, hacking is not a black art anymore. Even script kiddies can launch attacks in a few seconds. Therefore, there is a great emphasis on security to protect the resources from camouflage. An Intrusion Detection System is also one weapon in the security arsenal. It is the process of monitoring and analyzing information sources in order to detect vicious traffic. With its unique capabilities like monitoring, analyzing, detecting and archiving, IDS assists organizations to combat threats, to have a snapshot of the networks, and to conduct forensic analysis. Unfortunately there are myriad products in the market. Selecting a right product at time is difficult. Due to the widespread rumors and paranoia, in this work I have presented the state-of-the-art IDS technologies, assessed the products, and evaluated them. I have also presented some of the novel challenges that IDS products are suffering. This work will be a great help for pursuing IDS technology and for deploying Intrusion Detection Systems in an organization. It also gives in-depth knowledge of the present IDS challenges.
6

Deep Learning-Based Anomaly Detection in TLS Encrypted Traffic

Kehinde Ayano (16650471) 03 August 2023
The growing trend of encrypted network traffic is changing the cybersecurity threat scene. Most critical infrastructures and organizations enhance service delivery by embracing digital platforms and applications that use encryption to ensure that data and information are moved across networks in an encrypted form to improve security. While this protects data confidentiality, hackers are also taking advantage of encrypted network traffic to hide malicious software known as malware that will easily bypass the conventional detection mechanisms on the system because the traffic is not transparent for the monitoring mechanism on the system to analyze. Cybercriminals leverage encryption using cryptographic protocols such as SSL/TLS to launch malicious attacks. This hidden threat exists because of the SSL encryption of benign traffic. Hence, there is a need for visibility in encrypted traffic. This research was conducted to detect malware in encrypted network traffic without decryption. The existing solution involves bulk decryption, analysis, and re-encryption. However, this method is prone to privacy issues, is not cost-efficient, and is time-consuming, creating huge overhead on the network. In addition, limited research exists on detecting malware in encrypted traffic without decryption. There is a need to strike a balance between security and privacy by building an intelligent framework that can detect malicious activity in encrypted network traffic without decrypting the traffic prior to inspection. With the payload still encrypted, the study focuses on extracting metadata from flow features to train the machine-learning model. It further deployed this set of features as input to an autoencoder, leveraging the construction error of the autoencoder for anomaly detection.
7

Generic Encrypted Traffic Identification using Network Grammar : A Case Study in Passive OS Fingerprinting / Generisk Krypterad Trafikidentifiering med Nätverksgrammatik : En fallstudie i passiv osfingeravtryck

Rajala, Lukas, Scott, Kevin January 2022
The increase in cybercrime and cyber-warfare has spurred the cat-and-mouse game of finding and attacking vulnerable devices on government or private company networks. The devices attacked are often forgotten computers that run operating systems with known exploits. Finding these devices is crucial for both an attacker and a defender since they may be the only weak link on the network. Device discovery on a network using probing or active fingerprinting methods results in extra traffic on the network, which may strain fragile networks and generates suspect traffic that may get flagged as intrusive. Using passive OS fingerprinting allows an actor to listen in and classify active devices on a network. This thesis shows the features that can be exploited for OS fingerprinting and discusses the importance of TLS payload and time-based features. We also present a data collection strategy that could be utilized for simulating multiple OSs and collecting new datasets. We found that TLS attributes such as cipher suites play an important role in distinguishing between OS versions.
8

Towards Realistic Datasets for Classification of VPN Traffic : The Effects of Background Noise on Website Fingerprinting Attacks / Mot realistiska dataset för klassificering av VPN trafik : Effekten av bakgrundsoljud på website fingerprint attacker

Sandquist, Christoffer, Ersson, Jon-Erik January 2023
Virtual Private Networks (VPNs) are a booming business with significant margins once a solid user base has been established, and big VPN providers are putting considerable amounts of money into marketing. However, there exist Website Fingerprinting (WF) attacks that are able to correctly predict which website a user is visiting based on web traffic even though it is going through a VPN tunnel. These attacks are fairly accurate when it comes to closed world scenarios but a problem is that these scenarios are still far away from capturing typical user behaviour. In this thesis, we explore and build tools that can collect VPN traffic from different sources. This traffic can then be combined into more realistic datasets that we evaluate the accuracy of WF attacks on. We hope that these datasets will help us and others better simulate more realistic scenarios. Over the course of the project we developed automation scripts and data processing tools using Bash and Python. Traffic was collected on a server provided by our university using a combination of containerisation, the scripts we developed, Unix tools and Wireshark. After some manual data cleaning we combined our captured traffic together with a provided dataset of web traffic and created a new dataset that we used in order to evaluate the accuracy of three WF attacks. By the end we had collected 1345 capture files of VPN traffic. All of the traffic was collected from the popular livestreaming website twitch.tv. Livestreaming channels were picked from the twitch.tv frontpage and we ended up with 245 unique channels in our dataset. Using our dataset we managed to decrease the accuracy of all three tested WF attacks from 90% down to 47% with a WF attack confidence threshold of 0.0 and from 74% down to 17% with a confidence threshold of 0.99.
Even though this is a significant decrease in accuracy it comes with a roughly tenfold increase in the number of captured packets for the WF attacker. Thesis artifacts are available at github.com/C-Sand/rds-collect. / The Virtual Private Network (VPN) market has grown strongly and there are large margins once a solid user base has been established. Large VPN providers also spend considerable sums of money on marketing. However, there are WF attacks that can correctly guess which website a user is visiting based on web traffic, even if it goes through a VPN tunnel. These attacks have fairly good precision when it comes to closed-world scenarios, but the problem is that these are still far from simulating typical user behaviour. In this thesis we explore and build tools that can collect VPN traffic from different sources. The traffic can be combined into more realistic datasets and then used to evaluate the accuracy of WF attacks. We hope that these datasets will help us and others to better simulate real scenarios. During the project we developed a couple of automation scripts and data processing tools using Bash and Python. Traffic was collected on a server from our university with a combination of containerisation, the scripts we developed, Unix tools and Wireshark. After some manual data cleaning we combined our captured traffic with the provided dataset of web traffic and created a new dataset that we used to evaluate the accuracy of three WF attacks. By the end we had collected 1345 files of VPN traffic. All traffic was collected from the popular livestreaming platform twitch.tv. Livestreaming channels were picked from twitch's front page and we ended up with 245 unique channels in our dataset.
Using our dataset we managed to reduce the accuracy of all three tested WF attacks from 90% down to 47% with the threshold at 0.0 and from 74% down to 17% with a threshold of 0.99. Even though this is a significant decrease in accuracy, it comes with a roughly tenfold increase in the number of packets. In the end we only collected traffic from twitch.tv but still got some interesting results and would gladly see continued research in this area. Code, instructions, datasets and other artifacts are available via github.com/CSand/rds-collect.
