Publication Details

Acceleration of Feature Extraction for Real-Time Analysis of Encrypted Network Traffic

VRÁNA Roman, KOŘENEK Jan and NOVÁK David. Acceleration of Feature Extraction for Real-Time Analysis of Encrypted Network Traffic. In: Proceedings - 2019 22nd International Symposium on Design and Diagnostics of Electronic Circuits and Systems, DDECS 2019. Cluj-Napoca: Institute of Electrical and Electronics Engineers, 2019, pp. 1-6. ISBN 978-1-7281-0073-9.
Czech title
Akcelerace extrakce parametrů pro analýzu šifrovaného síťového provozu v reálném čase
Type
conference paper
Language
english
Authors
Vrána Roman, Ing. (DCSY FIT BUT)
Kořenek Jan, doc. Ing., Ph.D. (DCSY FIT BUT)
Novák David, Bc. (FIT BUT)
Keywords
  • Entropy
  • Feature extraction
  • Payloads
  • Cryptography
  • Real-time systems
  • Acceleration
  • Computer architecture
Abstract

With the growing amount of encrypted network traffic, it is important to have tools for the analysis and classification of encrypted network data. Encrypted network traffic is usually analysed by statistical methods because Deep Packet Inspection or pattern matching is not applicable. However, the statistical methods are usually designed to work offline on already captured network traffic. For real-time analysis, hardware acceleration is needed to achieve wire-speed 10 Gbps throughput. Therefore, we focus on real-time monitoring of encrypted network traffic and propose a new acceleration method to extract features from encrypted network data. Approximate computing is used to speed up the computation of entropy for the input data stream and to reduce FPGA logic utilization. As can be seen in the results, the precision of classification has decreased only by 0.1 to 0.2. Moreover, proposed hardware architecture has very low FPGA logic utilization and can operate on high frequency.

Annotation

With the growing amount of encrypted network traffic, it is important to have tools for the analysis and classification of encrypted network data. Encrypted network traffic is usually analysed by statistical methods because Deep Packet Inspection or pattern matching is not applicable. However, the statistical methods are usually designed to work offline on already captured network traffic. For real-time analysis, hardware acceleration is needed to achieve wire-speed 10 Gbps throughput. Therefore, we focus on real-time monitoring of encrypted network traffic and propose a new acceleration method to extract features from encrypted network data. Approximate computing is used to speed up the computation of entropy for the input data stream and to reduce FPGA logic utilization. As can be seen in the results, the precision of classification has decreased only by 0.1 to 0.2. Moreover, proposed hardware architecture has very low FPGA logic utilization and can operate on high frequency.

Published
2019
Pages
1-6
Proceedings
Proceedings - 2019 22nd International Symposium on Design and Diagnostics of Electronic Circuits and Systems, DDECS 2019
Conference
22nd IEEE International Symposium on Design and Diagnostics of Electronic Circuits and Systems 2019, Doubletree by Hilton hotel, 9-13 Sindicatelor Street, Cluj, 400029, Romania, RO
ISBN
978-1-7281-0073-9
Publisher
Institute of Electrical and Electronics Engineers
Place
Cluj-Napoca, RO
DOI
UT WoS
000492839800022
EID Scopus
BibTeX
@INPROCEEDINGS{FITPUB11899,
   author = "Roman Vr\'{a}na and Jan Ko\v{r}enek and David Nov\'{a}k",
   title = "Acceleration of Feature Extraction for Real-Time Analysis of Encrypted Network Traffic",
   pages = "1--6",
   booktitle = "Proceedings - 2019 22nd International Symposium on Design and Diagnostics of Electronic Circuits and Systems, DDECS 2019",
   year = 2019,
   location = "Cluj-Napoca, RO",
   publisher = "Institute of Electrical and Electronics Engineers",
   ISBN = "978-1-7281-0073-9",
   doi = "10.1109/DDECS.2019.8724658",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/11899"
}
Back to top