Identification of low-latency obfuscated traffic using multi-attribute analysis

Authors
Dougherty, Kevin R.
Subjects
Tor
onion routing
obfuscation
network traffic analysis
multi-attribute analysis
Advisors
Gallup, Shelley
Anderson, Thomas
Date of Issue
2017-03
Date
March 2017
Publisher
Monterey, California: Naval Postgraduate School
Abstract
There is no process or system capable of detecting obfuscated network traffic on Department of Defense (DOD) networks, and the quantity of obfuscated traffic on DOD networks is unknown. The presence of this traffic on a DOD network creates significant risk from both insider-threat and network-defense perspectives. This study used quantitative correlation and simple network-traffic analysis to identify common characteristics, relationships, and sources of obfuscated traffic. Each characteristic was evaluated individually for its ability to detect obfuscated traffic and in combination in a set of Naive Bayes multi-attribute prediction models. The best performing evaluations used multi-attribute analysis and proved capable of detecting approximately 80 percent of obfuscated traffic in a mixed dataset. By applying the methods and observations of this study, the threat to DOD networks from obfuscation technologies can be greatly reduced.
Type
Thesis
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.