|
|
Extending NetFlow Records for Increasing Encrypted Traffic Classification Capabilities
Šuhaj, Peter ; Jeřábek, Kamil (referee) ; Holkovič, Martin (advisor)
Master's thesis deals with selection of attributes proper for classification of encrypted traffic, with the extension of NetFlow entries with these attributes and with creating a tool for classify encrypted TLS traffic. The following attributes were selected: size of packets, inter-packet arrival times, number of packets in flow and size of the flow. Selection of attributes was followed by design of extending NetFlow records with these attributes for classifying encrypted traffic. Extension of records was implemented in language C for exporter of the company Flowmon Networks a.s.. Classifier for collector was implemented in language Python. Classifier is based on a model, for which training data were needed. The exporter contains the classifying algorithm too, the place of the classification can be set. The implementation was followed by creation of testing data and evaluation of the accuracy. The speed of the classifier was tested too. In the best case scenario 47% accuracy was achieved.
|
|
|
Identification of Mobile Applications in Encrypted Traffic
Snášel, Daniel ; Burgetová, Ivana (referee) ; Matoušek, Petr (advisor)
The work focuses on the identification of mobile applications in encrypted traffic based on TLS fingerprints. The aim of the work was to create an architecture for obtaining selected attributes from TLS connection handshake, to create TLS fingerprints and their comparison. Emphasis was placed on the accuracy of individual metrics, the quality of selected attributes and on the determination of the threshold T comparison, which was ultimately set at 75 %. A total of ten attributes were selected from the TLS connection handshake, such as IP address, Cipher Suite, Server Name Indication, the size of the first ten packets and more. Accurate, substring and index comparisons were chosen to compare individual attributes. The total similarity of the two TLS fingerprints is then calculated as the weighted sum of the matches of the individual attributes. The resulting architecture allows you to compare TLS application fingerprints from the created dataset with newly created fingerprints from encrypted communication, and thus identify the applications. It also allows manual or automatic learning of new applications from the compared file, or updating of known TLS fingerprints of applications in the dataset.
|
|
|
Design of Methods for Encrypted Traffic Visualization
Hlučková, Pavla ; Martinásek, Zdeněk (referee) ; Malina, Lukáš (advisor)
This thesis deals with design of methods for encrypted traffic visualization. It generally describes selected encrypted traffic protocols, whose data samples were collected later on to form a dataset. Furthermore, it focuses on the topic of IP flow monitoring and decribes the means of carrying out such monitoring. An important part of this thesis is the dataset created from the samples of mentioned protocols and the visualizations of different statistics and metadata gatherable from (extended) IP flows of these protocols. The designed methods of visualization are implemented using the Python programming language and the Jupyter Notebook technology.
|
|
|
Identification of Mobile Applications in Encrypted Traffic
Snášel, Daniel ; Burgetová, Ivana (referee) ; Matoušek, Petr (advisor)
The work focuses on the identification of mobile applications in encrypted traffic based on TLS fingerprints. The aim of the work was to create an architecture for obtaining selected attributes from TLS connection handshake, to create TLS fingerprints and their comparison. Emphasis was placed on the accuracy of individual metrics, the quality of selected attributes and on the determination of the threshold T comparison, which was ultimately set at 75 %. A total of ten attributes were selected from the TLS connection handshake, such as IP address, Cipher Suite, Server Name Indication, the size of the first ten packets and more. Accurate, substring and index comparisons were chosen to compare individual attributes. The total similarity of the two TLS fingerprints is then calculated as the weighted sum of the matches of the individual attributes. The resulting architecture allows you to compare TLS application fingerprints from the created dataset with newly created fingerprints from encrypted communication, and thus identify the applications. It also allows manual or automatic learning of new applications from the compared file, or updating of known TLS fingerprints of applications in the dataset.
|
|
|
Extending NetFlow Records for Increasing Encrypted Traffic Classification Capabilities
Šuhaj, Peter ; Jeřábek, Kamil (referee) ; Holkovič, Martin (advisor)
Master's thesis deals with selection of attributes proper for classification of encrypted traffic, with the extension of NetFlow entries with these attributes and with creating a tool for classify encrypted TLS traffic. The following attributes were selected: size of packets, inter-packet arrival times, number of packets in flow and size of the flow. Selection of attributes was followed by design of extending NetFlow records with these attributes for classifying encrypted traffic. Extension of records was implemented in language C for exporter of the company Flowmon Networks a.s.. Classifier for collector was implemented in language Python. Classifier is based on a model, for which training data were needed. The exporter contains the classifying algorithm too, the place of the classification can be set. The implementation was followed by creation of testing data and evaluation of the accuracy. The speed of the classifier was tested too. In the best case scenario 47% accuracy was achieved.
|
|
|
Design of Methods for Encrypted Traffic Visualization
Hlučková, Pavla ; Martinásek, Zdeněk (referee) ; Malina, Lukáš (advisor)
This thesis deals with design of methods for encrypted traffic visualization. It generally describes selected encrypted traffic protocols, whose data samples were collected later on to form a dataset. Furthermore, it focuses on the topic of IP flow monitoring and decribes the means of carrying out such monitoring. An important part of this thesis is the dataset created from the samples of mentioned protocols and the visualizations of different statistics and metadata gatherable from (extended) IP flows of these protocols. The designed methods of visualization are implemented using the Python programming language and the Jupyter Notebook technology.
|
guest ::
