INFERRING NETWORKING EVENTS FROM TRANSPORT LAYER SECURITY–ENCRYPTED TRAFFIC

Authors
Lowery, Cardavian J.
Subjects
Transport Layer Security
TLS
Software Defined Networks
SDN
inferencing
machine learning
classification
Advisors
Xie, Geoffrey G.
Date of Issue
2021-06
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
Security protocols are one of the most secure ways to ensure an outsider threat does not gain access to information sent across networks. Current security protocol standards typically encrypt packet payloads against such intrusions. But with data encryption come new challenges in monitoring communication on a network. In Software Defined Networks (SDN), Transport Layer Security (TLS) is commonly used to encrypt OpenFlow messages exchanged between a controller and each switch under its control. TLS results in a lack of data visibility to network monitors and this, in turn, can prevent timely detection of and response to various network events. In this thesis, we develop solutions to classify encrypted OpenFlow traffic into OpenFlow message types. The thesis examines the effectiveness of two traffic classification techniques using a dataset generated from a simulated SDN, and shows that the techniques can achieve an accuracy of up to 95%. The most successful features used to classify encrypted OpenFlow messages are explained, along with a methodology for collecting data, labeling data, identifying features, and training models to achieve high classification accuracy.
Type
Thesis
Department
Computer Science (CS)
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.