Adaptive encrypted traffic fingerprinting with bi-directional dependence

Khaled Al-Naami, Swarup Chandra, Ahmad Mustafa, Latifur Khan, Zhiqiang Lin, Kevin Hamlen, Bhavani Thuraisingham

Research output: ResearchConference contribution

Abstract

Recently, network traffic analysis has been increasingly used in various applications including security, targeted advertisements, and network management. However, data encryption performed on network traffic poses a challenge to these analysis techniques. In this paper, we present a novel method to extract characteristics from encrypted traffic by utilizing data dependencies that occur over sequential transmissions of network packets. Furthermore, we explore the temporal nature of encrypted traffic and introduce an adaptive model that considers changes in data content over time. We evaluate our analysis on two packet encrypted applications: website fingerprinting and mobile application (app) fingerprinting. Our evaluation shows how the proposed approach outperforms previous works especially in the open-world scenario and when defense mechanisms are considered.

LanguageEnglish (US)
Title of host publicationProceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016
PublisherAssociation for Computing Machinery
Pages177-188
Number of pages12
Volume5-9-December-2016
ISBN (Electronic)9781450347716
DOIs
StatePublished - Dec 5 2016
Event32nd Annual Computer Security Applications Conference, ACSAC 2016 - Los Angeles, United States
Duration: Dec 5 2016Dec 9 2016

Other

Other32nd Annual Computer Security Applications Conference, ACSAC 2016
CountryUnited States
CityLos Angeles
Period12/5/1612/9/16

Fingerprint

Packet networks
Network management
Cryptography
Websites

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition
  • Software

Cite this

Al-Naami, K., Chandra, S., Mustafa, A., Khan, L., Lin, Z., Hamlen, K., & Thuraisingham, B. (2016). Adaptive encrypted traffic fingerprinting with bi-directional dependence. In Proceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016 (Vol. 5-9-December-2016, pp. 177-188). Association for Computing Machinery. DOI: 10.1145/2991079.2991123

Adaptive encrypted traffic fingerprinting with bi-directional dependence. / Al-Naami, Khaled; Chandra, Swarup; Mustafa, Ahmad; Khan, Latifur; Lin, Zhiqiang; Hamlen, Kevin; Thuraisingham, Bhavani.

Proceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016. Vol. 5-9-December-2016 Association for Computing Machinery, 2016. p. 177-188.

Research output: ResearchConference contribution

Al-Naami, K, Chandra, S, Mustafa, A, Khan, L, Lin, Z, Hamlen, K & Thuraisingham, B 2016, Adaptive encrypted traffic fingerprinting with bi-directional dependence. in Proceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016. vol. 5-9-December-2016, Association for Computing Machinery, pp. 177-188, 32nd Annual Computer Security Applications Conference, ACSAC 2016, Los Angeles, United States, 12/5/16. DOI: 10.1145/2991079.2991123
Al-Naami K, Chandra S, Mustafa A, Khan L, Lin Z, Hamlen K et al. Adaptive encrypted traffic fingerprinting with bi-directional dependence. In Proceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016. Vol. 5-9-December-2016. Association for Computing Machinery. 2016. p. 177-188. Available from, DOI: 10.1145/2991079.2991123
Al-Naami, Khaled ; Chandra, Swarup ; Mustafa, Ahmad ; Khan, Latifur ; Lin, Zhiqiang ; Hamlen, Kevin ; Thuraisingham, Bhavani. / Adaptive encrypted traffic fingerprinting with bi-directional dependence. Proceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016. Vol. 5-9-December-2016 Association for Computing Machinery, 2016. pp. 177-188
@inbook{af867a0e215c4e31acf4b3ff2f051273,
title = "Adaptive encrypted traffic fingerprinting with bi-directional dependence",
abstract = "Recently, network traffic analysis has been increasingly used in various applications including security, targeted advertisements, and network management. However, data encryption performed on network traffic poses a challenge to these analysis techniques. In this paper, we present a novel method to extract characteristics from encrypted traffic by utilizing data dependencies that occur over sequential transmissions of network packets. Furthermore, we explore the temporal nature of encrypted traffic and introduce an adaptive model that considers changes in data content over time. We evaluate our analysis on two packet encrypted applications: website fingerprinting and mobile application (app) fingerprinting. Our evaluation shows how the proposed approach outperforms previous works especially in the open-world scenario and when defense mechanisms are considered.",
author = "Khaled Al-Naami and Swarup Chandra and Ahmad Mustafa and Latifur Khan and Zhiqiang Lin and Kevin Hamlen and Bhavani Thuraisingham",
year = "2016",
month = "12",
doi = "10.1145/2991079.2991123",
volume = "5-9-December-2016",
pages = "177--188",
booktitle = "Proceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016",
publisher = "Association for Computing Machinery",

}

TY - CHAP

T1 - Adaptive encrypted traffic fingerprinting with bi-directional dependence

AU - Al-Naami,Khaled

AU - Chandra,Swarup

AU - Mustafa,Ahmad

AU - Khan,Latifur

AU - Lin,Zhiqiang

AU - Hamlen,Kevin

AU - Thuraisingham,Bhavani

PY - 2016/12/5

Y1 - 2016/12/5

N2 - Recently, network traffic analysis has been increasingly used in various applications including security, targeted advertisements, and network management. However, data encryption performed on network traffic poses a challenge to these analysis techniques. In this paper, we present a novel method to extract characteristics from encrypted traffic by utilizing data dependencies that occur over sequential transmissions of network packets. Furthermore, we explore the temporal nature of encrypted traffic and introduce an adaptive model that considers changes in data content over time. We evaluate our analysis on two packet encrypted applications: website fingerprinting and mobile application (app) fingerprinting. Our evaluation shows how the proposed approach outperforms previous works especially in the open-world scenario and when defense mechanisms are considered.

AB - Recently, network traffic analysis has been increasingly used in various applications including security, targeted advertisements, and network management. However, data encryption performed on network traffic poses a challenge to these analysis techniques. In this paper, we present a novel method to extract characteristics from encrypted traffic by utilizing data dependencies that occur over sequential transmissions of network packets. Furthermore, we explore the temporal nature of encrypted traffic and introduce an adaptive model that considers changes in data content over time. We evaluate our analysis on two packet encrypted applications: website fingerprinting and mobile application (app) fingerprinting. Our evaluation shows how the proposed approach outperforms previous works especially in the open-world scenario and when defense mechanisms are considered.

UR - http://www.scopus.com/inward/record.url?scp=85007524436&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85007524436&partnerID=8YFLogxK

U2 - 10.1145/2991079.2991123

DO - 10.1145/2991079.2991123

M3 - Conference contribution

VL - 5-9-December-2016

SP - 177

EP - 188

BT - Proceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016

PB - Association for Computing Machinery

ER -