Finding a Needle in a Haystack: The Traffic Analysis Version

Abdullah Qasem, Sami Zhioua, Karima Makhlouf
2019 Proceedings on Privacy Enhancing Technologies  
Traffic analysis is the process of extracting useful or sensitive information from observed network traffic. Typical use cases include malware detection and website fingerprinting attacks. High-accuracy traffic analysis techniques use machine learning algorithms (e.g. SVM, kNN) and require splitting the traffic into correctly separated blocks. Inspired by digital forensics techniques, we propose a new network traffic analysis approach based on similarity digest. The approach features several ... ges compared to existing techniques, namely fast signature generation, compact signature representation using Bloom filters, efficient similarity detection between packet traces of arbitrary sizes, and in particular dropping the traffic splitting requirement altogether. Experimental results are very promising on VPN and malware traffic, but low on Tor traffic, mainly due to the single-size cells feature.
doi:10.2478/popets-2019-0030 dblp:journals/popets/QasemZM19 fatcat:wavpwb645vep7gindmgtdc5hdq