Filter by type:

Sort by year:

Robust open-set classification for encrypted traffic fingerprinting

Journal
Thilini Dahanayaka, Yasod Ginige, Yi Huang, Guillaume Jourjon and Suranga Seneviratne
Computer Networks, 2023
Publication year: 2023.09

Abstract: Encrypted network traffic has been known to leak information about their underlying content through side-channel information leaks. Traffic fingerprinting attacks exploit this by using machine learning techniques to threaten user privacy by identifying user activities such as website visits, videos streamed, and messenger app activities. Although state-of-the-art traffic fingerprinting attacks have high performances, even undermining the latest defenses, most of them are developed under the closed-set assumption. To deploy them in practical situations, it is important to adapt them to the open-set scenario, which allows the attacker to identify its target content while rejecting other background traffic. At the same time, in practice, these models need to be deployed on in-networking devices such as programmable switches, which have limited memory and computation power. Model weight quantization can reduce the memory footprint of deep learning models while at the same time, allowing inference to be done as integer operations as opposed to floating point operations. Open-set classification in the domain of traffic fingerprinting has not been explored well in prior work and none of them explored the effect of quantization on the open-set performance of such models. In this work, we propose a framework for robust open-set classification of encrypted traffic based on three key ideas. First, we show that a well-regularized deep learning model improves the open-set classification and then we propose a novel open-set classification method with three variants that perform consistently over multiple datasets. Next, we show that traffic fingerprinting models can be quantized without a significant drop in both closed-set and open-set accuracy and therefore, they can be readily deployed on in-network computing devices. Finally, we show that when the above three components are combined, the resulting open-set classifier outperforms all other open-set classification methods evaluated across five datasets with a minimum and maximum increase in F1_Score of 8.9% and 77.3% respectively.

Calibrated reconstruction based adversarial autoencoder model for novelty detection

Journal
Yi Huang, Ying Li, Guillaume Jourjon, Suranga Seneviratne, Kanchana Thilakarathna, Adriel Cheng, Darren Webb, Richard Yi Da Xu
Pattern Recognition Letters Volume 169, May 2023, Pages 50-57
Publication year: 2023.04

Abstract: Novelty detection detects outliers located at any location, such as abnormalities (i.e., far distance outliers) and novel/unobserved patterns (i.e., close distance outliers). While many novelty detection approaches have been proposed in the literature, they generally focus on detecting one specific type of outlier, e.g., Multi-Class Open Set Recognition (MCOSR) and One-Class Novelty Detection (OCND) approaches are applied for far and close distance outlier detection, respectively. However, in practice, it is difficult to measure in advance whether the distance between outliers and inliers is far or close. Recent work on outlier detection at any location with a unified model has yielded mixed performance. In this paper, we propose a new unified model, named Calibrated Reconstruction Based Adversarial AutoEncoder (CRAAE), for location agnostic outlier detection. The key idea is to integrate implicit and explicit confidence calibration strategies into a reconstruction based model for building a more accurate decision boundary. We leverage the category information disentangled from feature space to calibrate the decision metric (i.e., reconstruction error) constructed in the original data space. CRAAE also adds Uniform or Dirichlet noise into the artificial outlier generation process to represent various outliers. Experimental results show that CRAAE can outperform state-of-the-art unified models (e.g., GPND) and achieve similar performance with OCND and MCOSR methods in close and far distance outlier detection, respectively.

MapChain-D: A Distributed Blockchain for IIoT Data Storage and Communications

Journal
Tiantong Wu, Graduate, Guillaume Jourjon, Kanchana Thilakarathna, and Phee Lep Yeoh
IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, VOL. XX, NO. XX, XXXX
Publication year: 2023.01

Abstract:

With the rapid growth of the Industrial Internet of Things (IIoT) devices, managing extensive volume of IIoT data becomes a significant challenge. While the conventional cloud storage approaches with centralised data centres suffer from high latency for large-scale IIoT data storage due to the increased communications and latency overheads, distributed storage frameworks such as blockchains have become promising solutions. In this paper, we design and analyse a dual-blockchain framework for secure and scalable distributed data management in large-scale IIoT networks. The proposed framework, named MapChain-D , consists of a data chain that is mapped to an index chain to provide efficient data storage and lookup. MapChain-D is designed for practical IIoT applications with storage, latency, and communications constraints. Detailed data exchange protocols are presented for the data insertion and retrieval operations in MapChain-D . Based on these, theoretical analyses are provided on the space, time, and communications complexities of MapChain-D compared with conventional single-chain frameworks with local and distributed data storage. We implement our MapChain-D prototype using open-source LoRaWAN communications with multiple RPi and Arduino devices, Kademlia-based distributed hash table (DHT), and Ethereum-based blockchain with proof-of-authority (PoA) consensus. Experimental results from our prototype show that MapChain-D is more suitable to be deployed on resource-constrained IIoT devices. We also highlight the scalability and flexibility of MapChain-D with different numbers of edge nodes in the system.

Task Adaptive Siamese Neural Networks for Open-Set Recognition of Encrypted Network Traffic With Bidirectional Dropout

Journal
Yi Huang; Ying Li; Timothy Heyes; Guillaume Jourjon; Adriel Cheng; Suranga Seneviratne; Kanchana Thilakarathna; Darren Webb; Richard Yi Da Xu
Pattern Recognition Letters
Publication year: 2022.05

Abstract:

Existing deep learning approaches have achieved high performance in encrypted network traffic analysis tasks. However, some realistic scenarios, such as open-set recognition on dynamically changing tasks, challenge previous methods. Classic few-shot learning methods are used widely for these tasks in certain domains, such as computer vision and natural language processing. Nonetheless, few-shot open-set recognition for encrypted network traffic is still an unexplored area. This paper proposes a probability based task adaptive Siamese open-set recognition model for encrypted network traffic classification. Our contributions are threefold: First, we introduce generated positive and negative pairs into the Siamese Neural Network training process to shape a more precise similarity boundary through bidirectional dropout data augmentation. Second, we utilize Dirichlet Process Gaussian Mixture Model (DPGMM) distribution to fit the similarity scores of the negative pairs constructed by the support set of each query task, and create a new open- set recognition metric. Third, by leveraging the extracted features from coarse and fine-granular levels, we construct a hierarchical cross entropy loss to improve the confidence of the similarity score. Extensive experiments on a network traffic dataset and the Omniglot dataset demonstrate the superiority of our proposed approaches, which can respectively obtain up to 4.5% and 1.2% performance gain in terms of accuracy as well as 4.0% and 1.8% in terms of area under the receiver operating characteristic (AUROC).

From Traffic Classes to Content: A Hierarchical Approach for Encrypted Traffic Classification

Journal
Ying Li, Yi Huang, Suranga Seneviratne, Kanchana Thilakarathna, Adriel Cheng, Guillaume Jourjon, Darren Webb, David B. Smith and Richard Yi Da Xu
Elsevier Computer Networks
Publication year: 2022.05

Abstract: The vast majority of Internet traffic is now end-to-end encrypted, and while encryption provides user privacy and security, it has made network surveillance an impossible task. Various parties are using this limitation to distribute problematic content such as fake news, copy-righted material, and propaganda videos. Recent advances in machine learning techniques have shown great promise in extracting content fingerprints from encrypted traffic captured at the various points in IP core networks. Nonetheless, content fingerprinting from listening to encrypted wireless traffic remains a challenging task due to the difficulty in distinguishing re-transmissions and multiple flows on the same link. In this paper, we show the potential of fingerprinting internet traffic by passively sniffing WiFi frames in air, without connecting to the WiFi network by leveraging deep learning methods. First, we show the possibility of building a generic traffic classifier using a hierarchical approach that is able to identity most common traffic types in the Internet and reveal fine-granular details such as identifying the exact content of the traffic. Second, we demonstrate the possibility of using Multi-Layer Perceptron (MLP) and Recurrent Neural Networks (RNNs) to identify streaming traffic, such as video and music, from a closed set, by sniffing WiFi traffic that is encrypted at both Media Access Control (MAC) and Transport layers. Overall, our results demonstrate that we can achieve over 95% accuracy in identifying traffic types such as web, video streaming, and audio streaming as well as identifying the exact content consumed by the user.

VideoTrain++: GAN-Based Adaptive Framework for Synthetic Video Traffic Generation

Journal
Chamara Madarasingha, Shashika R. Muramudalige, Guillaume Jourjon, Anura Jayasumana and Kanchana Thilakarathna
Elsevier Computer Network
Publication year: 2022.01

Abstract: Video streaming traffic has been dominating the global network and the challenges have exacerbated with the gaining popularity of interactive videos, a.k.a.360 videos, as they require more network resources. However, effective provision of network resources for video streaming traffic is problematic due to the inability to identify video traffic flows through the network because of end-to-end encryption. Despite the promise given for network security and privacy, end-to-end encryption also provides a shield for adversaries. To this end, encrypted traffic classification and content fingerprinting with advanced Machine Learning (ML) methods have been proposed. Nevertheless, achieving high performance requires a significant amount of training data, which is a challenging task in operational networks due to the sheer volume of traffic and privacy concerns. As a solution, in this paper, we propose a novel Generative Adversarial Network (GAN) based data generation solution to synthesize video streaming data for two different tasks, 360/normal video classification and video fingerprinting. The solution consists of a percentile-based data mapping mechanism to enhance the data generation process, which is further supported by novel algorithms for data pre-processing and GAN model training. Taking over 6600 actual video traces and generating over 150,000 new traces, our ML-based traffic classification results show a 5–16% of accuracy improvement in both tasks.

SKA Low Atomic COTS Correlator and Beamformer

Journal
G.A. Hampson, J.D. Bunton, D. Humphrey, K.J. Bengston, G. Jourjon, A.B. Bolin, Y. Chen, E.R. Troup, G.C. Babich, J.C. van Aardt
Journal of Astronomical Telescopes, Instruments, and Systems (JATIS)
Publication year: 2022.01

Abstract: The Square Kilometre Array (SKA) Low is a next generation radio telescope, consisting of 512 antenna stations spread over 65 km, to be built in Western Australia. The Correlator and BeamFormer (CBF) design is central to the telescope signal processing. CBF receives 6 Tera-bits-per-second (Tbps) of station data continuously and processes it in real time with a compute load of 2 peta-operations-per-second (Pops). The correlator calculates up to 22 million cross products between all pairs of stations, while the beamformers coherently sum station data to form more than 500 beams. The output of the correlator is up to 7 Tbps, and the beamformer 2 Tbps. The design philosophy, called “Atomic COTS”, is based on commercial-off-the-shelf (COTS) hardware. Data routing is implemented in network switches programmed using the P4 language and the signal processing occurs in COTS FPGA cards. The P4 language allows routing to be determined from the metadata in the Ethernet packets from the stations. That is, metadata describing the contents of the packet determines the routing. Each FPGA card inputs a fraction of the overall bandwidth for all stations and then implements the processing needed to generate complete science data products. Generation of complete science products in a single FPGA is named here as Atomic processing. A Tango distributed control system configures the multitude of processing modes as well as maintaining the overall health of the CBF system hardware. The resulting 6 Tbps in and 9 Tbps out, 2 Pops Atomic COTS network attached accelerator occupies five racks and consumes 60 kW.

Dissecting Traffic Fingerprinting CNNs with Filter Activations

Journal
Thilini Dahanayaka, Guillaume Jourjon and Suranga Seneviratne
Elsevier Computer Network
Publication year: 2022.01

HTTPS encrypted traffic flows leak information on underlying contents through various statistical properties such as packet lengths and timing, enabling traffic fingerprinting attacks. Recent traffic fingerprinting attacks leveraged Convolutional Neural Networks (CNNs) to record very high accuracies undermining state-of-the-art defenses. In this paper, we analyze such CNNs to understand their inner workings which helps in building efficient traffic classifiers and effective defenses. First, we experiment on three datasets and show that website fingerprinting CNNs focus majorly on transitions between uploads and downloads in trace fronts while video fingerprinting CNNs focus more on finer shapes of periodic bursts. Next, we show that traffic fingerprinting CNNs exhibit transfer learning capabilities allowing identification of new websites with fewer data. We also demonstrate how traffic fingerprinting CNNs outperform Recurrent Neural Networks (RNNs) due to their resilience to random shifts in data, which is common in network traces. We further generalize these observations on other publicly available network traffic datasets. Leveraging our observations, we propose two new defenses against traffic fingerprinting. Our first defense FRONT-U, defends website visits by obfuscating transitions between uploads and downloads in trace fronts and provides similar privacy as the state-of-the-art defense FRONT, with half the data overhead. Our second defense STOMA, defends streaming traffic by obfuscating the finer sub-bursts within major bursts of a trace using only the nextfew seconds as opposed to using the entire trace as in the state-of-the-art.

SETA++: Real-Time Scalable Encrypted Traffic Analytics in Multi-Gbps Networks

Journal
Chamara Kattadige, Kwon Nung Choi, Achintha Wijesinghe, Arpit Nama, Kanchana Thilakarathna, Suranga Seneviratne, Guillaume Jourjon
IEEE Transactions on Network and Service Management
Publication year: 2021.05

A Multi-modal Neural Embeddings Approach for Detecting Mobile Counterfeit Apps: A Case Study on Google Play Store

Journal
Naveen Karunanayake, Jathushan Rajasegaran, Ashanie Gunathillake, Suranga Seneviratne, Guillaume Jourjon
IEEE Transactions on Mobile Computing
Publication year: 2020.07

Fast and Private Network Function Outsourcing

Journal
H. Asghar, E. de Cristofaro, G. Jourjon, M. A. Kaafar, L. Mathy, L. Melis, C. Russell
Elsevier Computer Network
Publication year: 2019.11

An SDN Perspective on Multi-connectivity and Seamless Flow Migration

Journal
S. Hatonen, MTI ul Huque, A. Rao, G. Jourjon, V. Gramoli, and S. Tarkoma
IEEE Networking Letter
Publication year: 2019.11

Software Defined Network’s Garbage Collection with Clean-Up Packets

Journal
MTI ul Huque, G. Jourjon, C. Russell, and V. Gramoli
IEEE Transactions on Network and Service Management
Publication year: 2019.06

A Delay-Tolerant Payment Scheme Based On Blockchain

Journal
Y. Hu, A. Manzoor, P. Ekparinya, M. Liyanage, K. Thilakarathna, G. Jourjon, A. Seneviratne, and M. Ylianttila
IEEE Access, vol. 7, Mar. 2019
Publication year: 2019.03

Measuring, Characterizing, and Detecting Facebook Like Farms

Journal
M. Ikram, L. Onwuzurike, S. Farooqi, E. De Cristofaro, A. Friedman, G. Jourjon, M. A. Kaafar, Z. Shafiq
ACM Transactions on Privacy and Security, Volume 20, Issue 4, September 2017, pp. 13:1–13:2
Publication year: 2017.09

Garbage Collection of Forwarding Rules in Software Defined Networks

Journal
MTI ul Huque, G. Jourjon, V. Gramol
IEEE Communications Magazine, June 2017
Publication year: 2017.06

Large-Scale Dynamic Controller Placement.

Journal
MTI ul Huque, W. Si, G. Jourjon, V. Gramoli
IEEE Transactions on Network and Service Management, Volume 14, Issue 1, March 2017
Publication year: 2017.03

FORGE Toolkit: Leveraging Distributed Systems in eLearning Platforms.

Journal
G. Jourjon, J. M. Marquez-Barja, T. Rakotoarivelo, A. Mikroyannidis, K. Lampropoulos, S. Denazis, Christos Tranoris, D. Pareit, J. Domingue, L. A DaSilva, and M. Ott
IEEE Transactions on Emerging Topics in Computing, Vol. 5 (1), pp: 7 - 19, Jan. 2017.
Publication year: 2017.01

Designing and Orchestrating Reproducible Experiments on Federated Networking Testbeds

Journal
T. Rakotoarivelo, G. Jourjon and M. Ott
Elsevier Computer Networks, vol. 63, Apr. 201
Publication year: 2014.04

An Instrumentation Framework for the Critical Task of Measurement Collection in the Future Internet

Journal
O. Mehani, G. Jourjon, T. Rakotoarivelo and M. Ott
Elsevier Computer Networks, vol. 63, pp. 68–83, Apr. 201
Publication year: 2014.04

Promoting the Use of Reliable Rate Based Transport Protocols: The Chameleon Protocol

Journal
E. Lochin, G. Jourjon, S. Ardon and P. Senac
International Journal of Internet Protocol Technology, Volume 5, Issue 4, pp 175–189, Dec. 2010
Publication year: 2010.12

OMF: a Control and Management Framework for Networking Testbeds

Journal
T. Rakotoarivelo, M. Ott, G. Jourjon and I. Seskar
ACM Operating System Review, Volume 43, Issue 4, pp 54–59, Jan. 201
Publication year: 2010.01

Towards sender-based TFRC

Journal
G. Jourjon, E. Lochin and P. Senac
Journal of Internet Engineering, Volume 3, Issue 1, 2009, pp 193–201
Publication year: 2009.03

Design, Implementation and Evaluation of a QoS-aware Transport Protocol

Journal
G. Jourjon, E. Lochin and P. Senac
Elsevier Computer Communications Journal, Vol. 31, Issue 9, June 2008
Publication year: 2008.06

IREEL: Remote Experimentation with Real Protocols and Applications over Emulated Network

Journal
L. Dairaine, G. Jourjon, E. Lochin and S. Ardon
Inroads, the ACM SIGCSE Bulletin, Volume 39, Issue 2, June 2007, pp 92–9
Publication year: 2007.06

Optimization of Loss History Initialization

Journal
G. Jourjon, E. Lochin and L. Dairaine
EEE Communications Letters, Volume 11, Number 3, March 2007, pp 276–27
Publication year: 2007.03

gTFRC, a TCP Friendly QoS-aware Rate Control for Diffserv Assured Service

Journal
E. Lochin, L. Dairaine and G. Jourjon
Springer Telecommunication Systems Journal, Volume 33, Numbers 1-3 / December, 2006
Publication year: 2006.12