Eva Papadogiannaki scite author profile

The adoption of network traffic encryption is continually growing. Popular applications use encryption protocols to secure communications and protect the privacy of users. In addition, a large portion of malware is spread through the network traffic taking advantage of encryption protocols to hide its presence and activity. Entering into the era of completely encrypted communications over the Internet, we must rapidly start reviewing the state-of-the-art in the wide domain of network traffic analysis and inspection, to conclude if traditional traffic processing systems will be able to seamlessly adapt to the upcoming full adoption of network encryption. In this survey, we examine the literature that deals with network traffic analysis and inspection after the ascent of encryption in communication channels. We notice that the research community has already started proposing solutions on how to perform inspection even when the network traffic is encrypted and we demonstrate and review these works. In addition, we present the techniques and methods that these works use and their limitations. Finally, we examine the countermeasures that have been proposed in the literature in order to circumvent traffic analysis techniques that aim to harm user privacy.

show abstract

OTTer: A Scalable High-Resolution Encrypted Traffic Identification Engine

Papadogiannaki¹,

Halevidis²,

Akritidis³

et al. 2018

View full text Add to dashboard Cite

Efficient Software Packet Processing on Heterogeneous and Asymmetric Hardware Architectures

Papadogiannaki

Koromilas

Vasiliadis

et al. 2017

IEEE/ACM Trans. Networking

View full text Add to dashboard Cite

Head(er)Hunter: Fast Intrusion Detection using Packet Metadata Signatures

Papadogiannaki¹,

Deyannis²,

Ioannidis³

2020

View full text Add to dashboard Cite

Acceleration of Intrusion Detection in Encrypted Network Traffic Using Heterogeneous Hardware

Papadogiannaki

Ioannidis

2021

Sensors

View full text Add to dashboard Cite

More than 75% of Internet traffic is now encrypted, and this percentage is constantly increasing. The majority of communications are secured using common encryption protocols such as SSL/TLS and IPsec to ensure security and protect the privacy of Internet users. However, encryption can be exploited to hide malicious activities, camouflaged into normal network traffic. Traditionally, network traffic inspection is based on techniques like deep packet inspection (DPI). Common applications for DPI include but are not limited to firewalls, intrusion detection and prevention systems, L7 filtering, and packet forwarding. With the widespread adoption of network encryption though, DPI tools that rely on packet payload content are becoming less effective, demanding the development of more sophisticated techniques in order to adapt to current network encryption trends. In this work, we present HeaderHunter, a fast signature-based intrusion detection system even for encrypted network traffic. We generate signatures using only network packet metadata extracted from packet headers. In addition, we examine the processing acceleration of the intrusion detection engine using different heterogeneous hardware architectures.

show abstract

Pythia: Scheduling of Concurrent Network Packet Processing Applications on Heterogeneous Devices

Giakoumakis¹,

Papadogiannaki²,

Vasiliadis³

et al. 2020

View full text Add to dashboard Cite

Modern commodity computing systems are composed of a number of heterogeneous processing units, each one with its own unique performance and energy characteristics. However, the majority of current network packet processing frameworks targets only one device (either the CPU or an accelerator), leaving the remaining computational resources underutilized or even idle. In this paper, we propose an adaptive scheduling approach for network packet processing applications that exploits any heterogeneous architecture that can be found in a commodity high-end hardware setup. Our scheduler not only distributes the workloads to the appropriate devices in the system to achieve the desired performance results, but also enables the multiplexing of diverse, concurrently executed network packet processing applications, eliminating the interference effects introduced at run-time. The evaluation results show that our scheduler is able to tackle any interference in the shared hardware resources as well to respond quickly to dynamic fluctuations (e.g., application overloads, traffic bursts, infrastructural changes, etc.) that may occur at real time.

show abstract

Scheduling of multiple network packet processing applications using Pythia

et al. 2022

View full text Add to dashboard Cite

TrustAV

Deyannis

Papadogiannaki

Kalivianakis

et al. 2020

View full text Add to dashboard Cite

While the number of connected devices is constantly growing, we observe an increased incident rate of cyber attacks that target user data. Typically, personal devices contain the most sensitive information regarding their users, so there is no doubt that they can be a very valuable target for adversaries. Typical defense solution to safeguard user devices and data, are based in malware analysis mechanisms. To amortize the processing and maintenance overheads, the outsourcing of network inspection mechanisms to the cloud has become very popular recently. However, the majority of such cloud-based applications usually offers limited privacy preserving guarantees for data processing in third-party environments.In this work, we propose TrustAV, a practical cloud-based malware detection solution destined for a plethora of device types. TrustAV is able to offload the processing of malware analysis to a remote server, where it is executed entirely inside, hardware supported, secure enclaves. By doing so, TrustAV is capable to shield the transfer and processing of user data even in untrusted environments with tolerable performance overheads, ensuring that private user data are never exposed to malicious entities or honestbut-curious providers. TrustAV also utilizes various techniques in order to overcome performance overheads, introduced by the Intel SGX technology, and reduce the required enclave memory -a limiting factor for malware analysis executed in secure enclave environments-offering up to 3x better performance. CCS CONCEPTS• Security and privacy → Systems security; Intrusion detection systems; • Networks → Cloud computing.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.