Identification of Low-Latency Obfuscated Traffic Using Multi-Attribute Analysis

Abstract

There is no process or system capable of detecting obfuscated network traffic on Department of Defense (DOD) networks, and the quantity of obfuscated traffic on DOD networks is unknown. The presence of this traffic on a DOD network creates significant risk from both insider-threat and network-defense perspectives. This study used quantitative correlation and simple network-traffic analysis to identify common characteristics, relationships, and sources of obfuscated traffic. Each characteristic was evaluated both individually, for its ability to detect obfuscated traffic, and in combination, in a set of Naive Bayes multi-attribute prediction models. The best-performing evaluations used multi-attribute analysis and proved capable of detecting approximately 80 percent of obfuscated traffic in a mixed dataset. By applying the methods and observations of this study, the threat to DOD networks from obfuscation technologies can be greatly reduced.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2017
Accession Number
AD1045832

Entities

People

  • Kevin R. Dougherty

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Energy and Power Technologies
  • Engineered Resilient Systems
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Computer Networks
  • Computers
  • Cybersecurity
  • Data Analysis
  • Detection
  • Electronic Mail
  • Graphical User Interface
  • Identification
  • Information Science
  • Insider Threats
  • Intrusion Detection
  • Intrusion Detectors
  • Machine Learning
  • Network Protocols
  • Operating Systems
  • Security
  • Transport Protocols

Fields of Study

  • Computer science

Readers

  • Aviation Safety and Air Traffic Management
  • Microbial Pathology
  • Neural Network Machine Learning