Detecting TCP Flows Inside Encrypted VPN Tunnels
2019 (English). Independent thesis Advanced level (degree of Master (Two Years)), 300 HE credits
Student thesis
Abstract [en]
Encrypted tunnels have made analyzing Internet traffic harder: when a virtual private network is used, the flows become intertwined and thus lose their unique characteristics. These characteristics are analyzed by network middleboxes for, among other things, security and quality-of-service purposes. Using a real-world dataset, this project investigates whether packet size and inter-arrival time for the three-way handshake packets can be used to detect the beginning of TCP flows inside encrypted tunnels. Three classification methods were tested: the first used packet size values for detection, the second used correlation data between packet sizes for each three-way handshake packet, and the last used correlation data between packet sizes and inter-arrival times for each three-way handshake packet. The best results were obtained with the first and last of these methods, with a specific set of parameters.
Place, publisher, year, edition, pages
2019, p. 99
Keywords [en]
Encrypted Tunnels, Flow start, TCP, VPN, Flow separation
National Category
Identifiers
URN: urn:nbn:se:kau:diva-71415
OAI: oai:DiVA.org:kau-71415
DiVA, id: diva2:1293112
External cooperation
Sandvine Sweden AB
Educational program
Engineering: Computer Engineering (300 ECTS credits)
Presentation
2019-01-18, 10:00 (English)
Supervisor
Examiner
Projects
HITS, 4707
2019-03-12, 2019-03-03, 2019-11-12. Bibliographically approved