A Policy based Framework for Privacy-Respecting Deep Packet Inspection of High Velocity Network Traffic
Date
2019-05
Citation of Original Publication
A. Renjan, S. N. Narayanan and K. P. Joshi, "A Policy Based Framework for Privacy-Respecting Deep Packet Inspection of High Velocity Network Traffic," 2019 IEEE 5th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS), Washington, DC, USA, 2019, pp. 47-52, doi: 10.1109/BigDataSecurity-HPSC-IDS.2019.00020.
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
©2019 IEEE
Abstract
Deep Packet Inspection (DPI) is instrumental in investigating the presence of malicious activity in network traffic, and most existing DPI tools work on unencrypted payloads. As the internet is moving towards fully encrypted data transfer, there is a critical requirement for privacy-aware techniques to efficiently decrypt network payloads. Until recently, passive proxying using certain aspects of TLS 1.2 was used to perform decryption and further DPI analysis. With the introduction of the TLS 1.3 standard, which only supports protocols with Perfect Forward Secrecy (PFS), many such techniques will become ineffective. Several security solutions will be forced to adopt active proxying, which will become a big-data problem considering the velocity and veracity of network traffic involved. We have developed an ABAC (Attribute Based Access Control) framework that efficiently supports existing DPI tools while respecting user’s privacy requirements and organizational policies. It gives the user the ability to accept or decline an access decision based on his privileges. Our solution evaluates various observed and derived attributes of network connections against user access privileges using policies described with semantic technologies. In this paper, we describe our framework and demonstrate the efficacy of our technique with the help of use-case scenarios to identify network connections that are candidates for Deep Packet Inspection. Since our technique makes selective identification of connections based on policies, both processing and memory load at the gateway will be reduced significantly.