Detecting TCP Flows Inside Encrypted VPN Tunnels
2019 (English) Independent thesis Advanced level (degree of Master (Two Years)), 300 HE credits
Student thesis
Abstract [en]
Encrypted tunnels have made analyzing Internet traffic harder: when a virtual private network is used, the flows become intertwined and thus lose their unique characteristics. These characteristics are analyzed by network middleboxes for, among other things, security and quality-of-service purposes. Using a real-world dataset, this project investigates whether packet size and inter-arrival time for the three-way handshake packets can be used to detect the beginning of TCP flows inside encrypted tunnels. Three classification methods were tested: the first used packet size values for detection, the second used correlation data between packet sizes for each three-way handshake packet, and the last used correlation data between packet sizes and inter-arrival times for each three-way handshake packet. The best results were obtained with the first and last of these methods, with a specific set of parameters.
Place, publisher, year, edition, pages
2019, p. 99
Keywords [en]
Encrypted Tunnels, Flow start, TCP, VPN, Flow separation
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:kau:diva-71415
OAI: oai:DiVA.org:kau-71415
DiVA, id: diva2:1293112
External cooperation
Sandvine Sweden AB
Educational program
Engineering: Computer Engineering (300 ECTS credits)
Presentation
2019-01-18, 10:00 (English)
Supervisors
Examiners
Projects
HITS, 4707
2019-03-12, 2019-03-03, 2019-11-12
Bibliographically approved