Inferring Networking Events From Transport Layer Security-Encrypted Traffic

Abstract

Security protocols are one of the most secure ways to ensure an outsider threat does not gain access to information sent across networks. Current security protocol standards typically encrypt packet payloads against such intrusions. But with data encryption comes new challenges to monitor communication on a network. In Software Defined Networks (SDN), Transport Layer Security (TLS) is commonly used to encrypt OpenFlow messages exchanged between a controller and each switch under its control. TLS results in lack of data visibility to network monitors and this, in-turn, can prevent timely detection of and response to various network events. In this thesis, we develop solutions to classify encrypted OpenFlow traffic into OpenFlow message types. It examines the effectiveness of two traffic classification techniques using a dataset generated from a simulated SDN, and shows that the techniques can achieve an accuracy up to 95 percent. The most successful features used to classify encrypted OpenFlow messages are explained along with a methodology of collecting data, labeling data, identifying features, and the training of models to achieve high accuracy of classification.

Document Details

Document Type

Technical Report

Publication Date

Jun 01, 2021

Accession Number

AD1151056

Entities

Tags