Accession Number:

AD1151056

Title:

Inferring Networking Events From Transport Layer Security-Encrypted Traffic

Author(s):

Author Organization(s):

Report Date:

2021-06-01

Abstract:

Security protocols are one of the most secure ways to ensure an outsider threat does not gain access to information sent across networks. Current security protocol standards typically encrypt packet payloads against such intrusions. But with data encryption come new challenges in monitoring communication on a network. In Software Defined Networks (SDN), Transport Layer Security (TLS) is commonly used to encrypt OpenFlow messages exchanged between a controller and each switch under its control. TLS results in a lack of data visibility for network monitors, and this, in turn, can prevent timely detection of and response to various network events. In this thesis, we develop solutions to classify encrypted OpenFlow traffic into OpenFlow message types. The thesis examines the effectiveness of two traffic classification techniques using a dataset generated from a simulated SDN, and shows that the techniques can achieve an accuracy of up to 95 percent. The most successful features used to classify encrypted OpenFlow messages are explained, along with a methodology for collecting data, labeling data, identifying features, and training models to achieve high classification accuracy.

Pages:

65

File Size:

6.81MB

Descriptors:

Identifiers:

SubjectCategory:

Communities of Interest:

Distribution Statement:

Approved For Public Release