Impact of transport-layer encryption on flow analysis with machine learning (original title: Impacto da criptografia da camada de transporte em análises de fluxos com aprendizado de máquina)
Abstract
With the growing use of cryptography in computer network communications, encryption of transport-layer protocols may become commonplace in the future, which could hinder automated network flow analysis or make it less effective. This paper proposes and implements an analysis of the impact that such encryption would have on flow analysis with machine learning. The results showed that encrypting this layer can affect the analysis of network flows. The concepts of explainability and interpretability were used to evaluate the quality of the results.
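The abstract's point is that encryption at the transport layer removes some of the inputs a flow-based classifier is trained on while leaving others intact. The following added example (not code from the paper) makes that concrete for a tcpcrypt-style scheme (RFC 8548), which encrypts the TCP payload but leaves the TCP/IP headers, segment sizes and timing visible, and is negotiated with the TCP-ENO option (RFC 8547). It builds a short constructed HTTP flow, rewrites it as an on-path observer would see it after encryption, extracts a small CICFlowMeter-style feature record from each version and reports which features changed. The packet records, the feature set and the SHA-256 keystream standing in for tcpcrypt's real cipher are all illustrative assumptions; the per-segment framing and MAC overhead that tcpcrypt adds is ignored.

```python
"""Added example: which flow features survive transport-layer (tcpcrypt-style)
encryption. Not code from the paper; the packet records, the feature set and
the keystream 'cipher' are constructed for illustration."""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float          # capture timestamp, seconds
    flags: str         # TCP flag letters, e.g. "S", "SA", "PA", "FA"
    payload: bytes     # TCP payload as seen on the wire
    eno: bool = False  # TCP-ENO option present (tcpcrypt negotiation, RFC 8547)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the payload: ~4-5 for ASCII text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flow_features(pkts: list[Packet]) -> dict:
    """Flow record in the spirit of CICFlowMeter-style feature sets.

    Header-derived features (counts, sizes, timing, flags, options) need only
    the TCP/IP headers, which tcpcrypt leaves in the clear. Payload-derived
    features need the cleartext application data and are the ones encryption
    takes away from the analyst.
    """
    sizes = [len(p.payload) for p in pkts]
    iats = [b.ts - a.ts for a, b in zip(pkts, pkts[1:])]
    first_data = next((p.payload for p in pkts if p.payload), b"")
    return {
        # --- header-derived: visible with or without transport encryption ---
        "n_pkts": len(pkts),
        "total_bytes": sum(sizes),
        "max_pkt": max(sizes),
        "mean_iat": round(sum(iats) / len(iats), 6) if iats else 0.0,
        "psh_count": sum("P" in p.flags for p in pkts),
        "eno_seen": any(p.eno for p in pkts),
        # --- payload-derived: only meaningful on cleartext ---
        "http_keyword": first_data[:4] in (b"GET ", b"POST", b"HTTP"),
        "payload_entropy": round(shannon_entropy(b"".join(p.payload for p in pkts)), 2),
    }


def tcpcrypt_like(pkts: list[Packet], key: bytes) -> list[Packet]:
    """Rewrite a cleartext flow as an observer would see it under tcpcrypt.

    Only the payload changes: it is XORed with a SHA-256 counter keystream,
    an illustrative stand-in for tcpcrypt's real cipher. Sizes, timing and
    flags are preserved; real tcpcrypt also adds a few bytes of frame/MAC
    overhead per segment, ignored here. SYN and SYN-ACK carry the ENO option.
    """
    out = []
    for i, p in enumerate(pkts):
        ct = bytearray()
        for off in range(0, len(p.payload), 32):
            ks = hashlib.sha256(key + i.to_bytes(4, "big") + off.to_bytes(4, "big")).digest()
            ct.extend(a ^ b for a, b in zip(p.payload[off:off + 32], ks))
        out.append(Packet(p.ts, p.flags, bytes(ct), eno=("S" in p.flags)))
    return out


def changed_features(plain: dict, enc: dict) -> set:
    """Feature names whose value differs between the two views of the same flow."""
    return {k for k in plain if plain[k] != enc[k]}


def demo():
    # Constructed cleartext HTTP exchange (handshake, request, response, FIN).
    request = (b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"
               b"User-Agent: curl/8.0\r\n\r\n")
    response = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                + b"<html><body>hello world</body></html>\n" * 24)
    clear = [
        Packet(0.000, "S", b""),
        Packet(0.012, "SA", b""),
        Packet(0.012, "A", b""),
        Packet(0.013, "PA", request),
        Packet(0.041, "PA", response),
        Packet(0.042, "FA", b""),
    ]
    encrypted = tcpcrypt_like(clear, key=b"constructed-session-key")
    f_clear, f_enc = flow_features(clear), flow_features(encrypted)
    return f_clear, f_enc, changed_features(f_clear, f_enc)


if __name__ == "__main__":
    f_clear, f_enc, changed = demo()
    for k in f_clear:
        print(f"{k:16} clear={f_clear[k]!s:8} encrypted={f_enc[k]!s:8} {'CHANGED' if k in changed else ''}")
```

Running `demo()` shows the header-derived features unchanged, the payload-derived ones lost (the HTTP keyword disappears and entropy jumps to near 8 bits per byte), and one new header-derived signal appearing (the ENO option in the handshake). A model trained on cleartext flows that leans on the payload-derived columns will degrade on the encrypted view; the feature attribution an explainability method produces is what reveals which columns it was leaning on.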
Published
2023-09-18
How to Cite
MAGNUS, Tiago de Carvalho; NOBRE, Jéferson de Campos. Impacto da criptografia da camada de transporte em análises de fluxos com aprendizado de máquina. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 23., 2023, Juiz de Fora/MG. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 279-292.
DOI: https://doi.org/10.5753/sbseg.2023.233560.
