http://dx.doi.org/10.13089/JKIISC.2022.32.2.193

Identification of Unknown Cryptographic Communication Protocol and Packet Analysis Using Machine Learning  

Koo, Dongyoung (Hansung University)
Abstract
Unknown cryptographic communication protocols may have the advantage of guaranteeing personal and data privacy, but when they are used for malicious purposes, it is almost impossible to identify and respond to them using existing network security equipment. In particular, there is a limit to manually analyzing a huge amount of traffic in real time. Therefore, in this paper, we attempt to identify packets of unknown cryptographic communication protocols and separate the fields comprising a packet by using machine learning techniques. Using sequential pattern analysis, hierarchical clustering, and Pearson's correlation coefficient, we found that the structure of packets can be automatically analyzed even for an unknown cryptographic communication protocol.
Keywords
Cryptographic protocol; Packet analysis; Sequential Pattern; Hierarchical Clustering; Pearson's Correlation Coefficient