Pine: Enabling Privacy-Preserving Deep Packet Inspection on TLS with Rule-Hiding and Fast Connection Establishment

Ning, Jianting; Huang, Xinyi; Poh, Geong Sen; Xu, Shengmin; Loh, Jia-Ch'ng; Weng, Jian; Deng, Robert H.

doi:10.1007/978-3-030-58951-6_1

Cited by 17 publications

(7 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Production devices in service provider and user environments employ traffic classification for attack detection that would typically require significant computing resources to decrypt and (re)encrypt data in real-time affecting the network throughput, delay, and overall user experience. e costs of associated techniques such as deep packet inspection (DPI) are also substantial in terms of equipment and resources that these are not considered readily adoptable [27,28]. e encryption and decryption of network traffic is not only resource intensive but also a challenging task for network managers in adequately preserving the privacy of end-users.…”

Section: Cyber Security and Neuralmentioning

confidence: 99%

Anomaly Detection in Encrypted Internet Traffic Using Hybrid Deep Learning

Bakhshi

Ghita

2021

Security and Communication Networks

View full text Add to dashboard Cite

An increasing number of Internet application services are relying on encrypted traffic to offer adequate consumer privacy. Anomaly detection in encrypted traffic to circumvent and mitigate cyber security threats is, however, an open and ongoing research challenge due to the limitation of existing traffic classification techniques. Deep learning is emerging as a promising paradigm, allowing reduction in manual determination of feature set to increase classification accuracy. The present work develops a deep learning-based model for detection of anomalies in encrypted network traffic. Three different publicly available datasets including the NSL-KDD, UNSW-NB15, and CIC-IDS-2017 are used to comprehensively analyze encrypted attacks targeting popular protocols. Instead of relying on a single deep learning model, multiple schemes using convolutional (CNN), long short-term memory (LSTM), and recurrent neural networks (RNNs) are investigated. Our results report a hybrid combination of convolutional (CNN) and gated recurrent unit (GRU) models as outperforming others. The hybrid approach benefits from the low-latency feature derivation of the CNN, and an overall improved training dataset fitting. Additionally, the highly effective generalization offered by GRU results in optimal time-domain-related feature extraction, resulting in the CNN and GRU hybrid scheme presenting the best model.

show abstract

Section: Cyber Security and Neuralmentioning

confidence: 99%

Anomaly Detection in Encrypted Internet Traffic Using Hybrid Deep Learning

Bakhshi

Ghita

2021

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…However, the design of the cryptography-based outsourced network functions may have defects when applying the encryption schemes. For example, Ning et al [34] pointed out that PrivDPI [32] is vulnerable to the brute-force guessing when the rule set is small.…”

Section: C) Side-channel Attackmentioning

confidence: 99%

“…In PrivDPI, the encrypted packet tokens in a new session can be derived from the encrypted tokens in the last session by preserving a count table, which makes the encrypted ruleset in the middlebox reusable. However, according to Ning et al [34], PrivDPI is vulnerable to brute-force attacks, where the middlebox can forge any encrypted rules by itself and then infer the content of the encrypted traffic. Ning et al [34] then proposed…”

Section: A Equality Matchmentioning

confidence: 99%

“…However, according to Ning et al [34], PrivDPI is vulnerable to brute-force attacks, where the middlebox can forge any encrypted rules by itself and then infer the content of the encrypted traffic. Ning et al [34] then proposed…”

Section: A Equality Matchmentioning

confidence: 99%

“…Due to such leakage, SSE schemes are vulnerable to the leakage-abuse attacks [146]- [150]. It is also reported that PrivDPI [32] is vulnerable to brute-force attacks when the space of the rule set is small [34].…”

Section: Privacy and Securitymentioning

confidence: 99%

See 2 more Smart Citations