Monitoring IoT Encrypted Traffic with Deep Packet Inspection and Statistical Analysis | IEEE Conference Publication | IEEE Xplore

Abstract:

The pervasive use of encrypted protocols and new communication paradigms based on mobile and home IoT devices has made traffic analysis techniques that relied on clear-text analysis obsolete. This has required new monitoring metrics able to characterise, identify, and classify traffic not just in terms of network protocols but also behaviour and intended use. This paper reports the lessons learnt while analysing traffic in both home networks and the Internet, and it describes how the monitoring metrics used in the experiments have been implemented in an open source toolkit for deep packet inspection and traffic analysis. The validation process confirmed that, by combining the proposed metrics with deep packet inspection, it is possible to effectively characterise and fingerprint encrypted traffic generated by home IoT and non-IoT devices.
Date of Conference: 08-10 December 2020
Date Added to IEEE Xplore: 18 February 2021
Conference Location: London, United Kingdom

I. Introduction

Network traffic has changed significantly in terms of network protocols and behaviour. Today most network traffic is encrypted. As encryption is now pervasive in Internet traffic, it is becoming important to provide network visibility in this changed scenario, where clear-text protocols are used less frequently, even though they are still relatively popular in LAN networks where obsolete operating systems and outdated IoT devices will be used for some more years. This means that we need to complement existing techniques with new measurement metrics able to inspect and characterise encrypted traffic for the purpose of identifying threats and changes in network traffic behaviour. In home networks, the widespread use of IoT and healthcare devices that operate using cloud services has created new security issues, as users no longer interact directly with the device but only through cloud services. This trend towards cloud-based security is also present in products manufactured by leading firewall vendors, which can be accessed solely through a cloud console and no longer by connecting to the firewall sitting on the company premises.
