Trends of Encrypted Network Traffic Analysis Technologies for Network Anomaly Detection

  • Y.S. Choi (최양서), Intelligent Network Security Research Laboratory
  • J.H. Yoo (유재학), Intelligent Network Security Research Laboratory
  • K.J. Koo (구기종), Intelligent Network Security Research Laboratory
  • D.S. Moon (문대성), Intelligent Network Security Research Laboratory
  • Published: 2023.10.01

Abstract

With the rapid advancement of the Internet, the use of encrypted traffic has surged in order to protect data during transmission. At the same time, network attacks have also begun to leverage encrypted traffic, which has led to active research in the field of encrypted traffic analysis to overcome the limitations of traditional detection methods. In this paper, we provide an overview of the encrypted traffic analysis field, covering the analysis process, domains, models, evaluation methods, and research trends. Specifically, we focus on research trends in anomaly detection within encrypted network traffic analysis. Furthermore, we discuss considerations for model development in encrypted traffic analysis, including traffic dataset composition, selection of traffic representation methods, creation of analysis models, and mitigation of attacks on AI models. In the future, the volume of encrypted network traffic will continue to increase, and a higher proportion of attack traffic will use encryption. Research on attack detection in such an environment must be conducted consistently to address these challenges.

Keywords

Funding information

This work was supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korean government (Ministry of Science and ICT) in 2023 [No. RS-2023-00235509, Development of network behavior-based security monitoring technology against encrypted cyber threats to ICT convergence public services and infrastructure].
