Poster: Enhancing Network Traffic Analysis with Pre-trained Side-channel Feature Imputation
Pages 5033 - 5035
Abstract
The recent advances in learning-based methodologies has underscored their efficacy in deducing patterns from the side-channel features of encrypted network traffic. Nonetheless, the distribution of these features has been identified as susceptible, particularly in the expansive and intricate network topologies characteristic of the modern Internet. The unpredictability of traffic bursts can result in packet loss during retransmission, thereby generating fragmented feature patterns. Unfortunately, current approaches struggle to adapt to such fragmented features, often leading to a substantial decline in performance. To surmount this challenge, this paper introduces a pre-training-based augmentation framework, denoted as Nüwa, which imputes the side-channel features of encrypted network traffic. The crux of Nüwa lies in its ability to reconstruct the side-channel features, with a particular focus on the temporal attributes of the missing packets within a traffic session. Nüwa is comprised of a word-level Sequence2Embedding module, a Traffic Noise-based Self-supervised Pre-trained Masking Strategy, and a Traffic Side-Channel Feature Imputation Module. Experiments across four diverse real-world scenarios substantiate Nüwa's capacity to restore the performance of prevalent temporal models while maintaining the integrity of the imputed features.
References
[1]
Huaifeng Bao and others. Stories behind decisions: Towards interpretable malware family classification with hierarchical attention. Computers & Security, 144:103943, 2024.
[2]
Wenhao Li et al. Prism: Real-time privacy protection against temporal network traffic analyzers. IEEE Trans. Inf. Forensics Secur., 18:2524--2537, 2023.
[3]
Wenhao Li et al. Prograph: Robust network traffic identification with graph propagation. IEEE/ACM Trans. Netw., 31(3):1385--1399, 2023.
[4]
Xinjie Lin et al. ET-BERT: A contextualized datagram representation with pretraining transformers for encrypted traffic classification. InWWW, pages 633--642. ACM, 2022.
[5]
Chang Liu et al. Fs-net: A flow sequence network for encrypted traffic classification. In INFOCOM, pages 1171--1179. IEEE, 2019.
[6]
Meng Shen et al. Machine learning-powered encrypted network traffic analysis: A comprehensive survey. IEEE Commun. Surv. Tutorials, 25(1):791--824, 2023.
[7]
Li-Zhuang Tan et al. A packet loss monitoring system for in-band network telemetry: Detection, localization, diagnosis and recovery. IEEE Trans. Netw. Serv. Manag., 18(4):4151--4168, 2021.
[8]
Pascal Vincent et al. Stacked denoising autoencoders: Learning useful representations in a deep network with a local denoising criterion. J. Mach. Learn. Res., 11:3371--3408, 2010.
[9]
George Zerveas et al. A transformer-based framework for multivariate time series representation learning. In KDD, pages 2114--2124. ACM, 2021.
[10]
Ziming Zhao et al. Ernn: Error-resilient rnn for encrypted traffic detection towards network-induced phenomena. IEEE Transactions on Dependable and Secure Computing, pages 1--18, 2023.
Index Terms
- Poster: Enhancing Network Traffic Analysis with Pre-trained Side-channel Feature Imputation
Recommendations
Poster: Boosting Adversarial Robustness by Adversarial Pre-training
CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications SecurityVision Transformer (ViT) shows superior performance on various tasks, but, similar to other deep learning techniques, it is vulnerable to adversarial attacks. Due to the differences between ViT and traditional CNNs, previous works designed new ...
Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityModern operating systems use hardware support to protect against control-flow hijacking attacks such as code-injection attacks. Typically, write access to executable pages is prevented and kernel mode execution is restricted to kernel code pages only. ...
Enhancing deep learning-based side-channel analysis using feature engineering in a fully simulated IoT system
AbstractThe increasing integration of cloud and embedded systems has made security more critical. Despite efforts to implement countermeasures against attacks, new threats have constantly emerged. Deep learning (DL) is most notable for side-channel ...
Highlights- Feature engineering enhances DL-based side-channel disassembly.
- Side-channel disassembler detects hiding countermeasures with 98.81% accuracy.
- Power traces of cryptographic algorithms simulated using ELMO.
- Method captures ...
Comments
Information & Contributors
Information
Published In
December 2024
5188 pages
ISBN:9798400706363
DOI:10.1145/3658644
- General Chairs:
- Bo Luo,
- Xiaojing Liao,
- Jun Xu,
- Program Chairs:
- Engin Kirda,
- David Lie
Copyright © 2024 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 09 December 2024
Check for updates
Author Tags
Qualifiers
- Poster
Conference
CCS '24
Sponsor:
CCS '24: ACM SIGSAC Conference on Computer and Communications Security
October 14 - 18, 2024
UT, Salt Lake City, USA
Acceptance Rates
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '25
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 182Total Downloads
- Downloads (Last 12 months)182
- Downloads (Last 6 weeks)90
Reflects downloads up to 08 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in