Open Access Article

Mitigation of Privacy Threats due to Encrypted Traffic Analysis through a Policy-Based Framework and MUD Profiles

Joint Research Centre, European Commission, 1050 Ispra, Italy
Institute of Theoretical and Applied Informatics of the Polish Academy of Sciences (IITiS PAN), 44-100 Gliwice, Poland
Author to whom correspondence should be addressed.
Symmetry 2020, 12(9), 1576
Received: 23 August 2020 / Revised: 12 September 2020 / Accepted: 17 September 2020 / Published: 22 September 2020
It has been proven in research literature that the analysis of encrypted traffic with statistical analysis and machine learning can reveal the type of activities performed by a user accessing the network, thus leading to privacy risks. In particular, different types of traffic (e.g., Skype, web access) can be identified by extracting time-based features and using them in a classifier. Such privacy attacks are asymmetric because a limited amount of resources (e.g., machine learning algorithms) can extract information from encrypted traffic generated by cryptographic systems implemented with a significant amount of resources. To mitigate privacy risks, studies in research literature have proposed a number of techniques, but in most cases only a single technique is applied, which can lead to limited effectiveness. This paper proposes a mitigation approach for privacy risks related to the analysis of encrypted traffic, based on the integration of three main components: (1) a machine learning component which proactively analyzes the encrypted traffic in the network to identify potential privacy threats and evaluate the effectiveness of various mitigation techniques (e.g., obfuscation), (2) a policy-based component where policies are used to enforce privacy mitigation solutions in the network, and (3) a network node profile component based on the Manufacturer Usage Description (MUD) standard to enable changes in the network nodes in the cases where the first two components are not effective in mitigating the privacy risks. This paper describes the different components and how they interact in a potential deployment scenario. The approach is evaluated on the public dataset ISCXVPN2016, and the results show that the privacy threat can be mitigated significantly by completely removing the identification of specific types of traffic or by decreasing the probability of their identification, as in the case of VOIP by 50%, Chat by 40% and Browsing by 33%, thus reducing significantly the privacy risk.
Keywords: machine learning; encrypted traffic; policy based framework; privacy
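
The measurement loop the abstract assigns to the machine learning component (score how well traffic types can be identified from time-based features, apply an obfuscation, score again) can be sketched as follows. This is an added example, not the paper's code or its ISCXVPN2016 data: the flows are constructed, and the nearest-centroid classifier and constant-rate padding are stand-ins chosen here as assumptions.

```python
import random
import statistics

def make_flow(kind, rng, n=50):
    """Constructed packet timestamps (seconds) for one encrypted flow."""
    t, ts = 0.0, [0.0]
    for i in range(n):
        if kind == "voip":
            t += rng.uniform(0.018, 0.022)   # steady ~20 ms cadence
        elif i % 10 == 9:
            t += rng.uniform(1.5, 2.5)       # browsing: pause between bursts
        else:
            t += rng.uniform(0.002, 0.008)   # browsing: packets inside a burst
        ts.append(t)
    return ts

def features(ts):
    """Time-based features: mean and std-dev of packet inter-arrival times."""
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return (statistics.mean(gaps), statistics.pstdev(gaps))

def shape(ts, interval=0.02, slots=750):
    """Constant-rate obfuscation: each slot sends a queued real packet if one
    has arrived, otherwise a dummy. Returns (times on the wire, dummy count)."""
    queue, dummies = list(ts), 0
    for i in range(slots):
        if queue and queue[0] <= i * interval:
            queue.pop(0)
        else:
            dummies += 1
    return [i * interval for i in range(slots)], dummies

def identification_rate(flows):
    """Nearest-centroid classifier: train on even-indexed flows, test on odd."""
    train, test = flows[0::2], flows[1::2]
    cent = {}
    for label in sorted({l for l, _ in train}):
        pts = [features(ts) for l, ts in train if l == label]
        cent[label] = tuple(statistics.mean(c) for c in zip(*pts))
    def guess(f):
        return min(cent, key=lambda l: sum((a - b) ** 2 for a, b in zip(f, cent[l])))
    return sum(guess(features(ts)) == l for l, ts in test) / len(test)

def demo(seed=1):
    rng = random.Random(seed)
    kinds = ("voip", "voip", "browsing", "browsing") * 20
    raw = [(k, make_flow(k, rng)) for k in kinds]
    shaped = [(k, shape(ts)[0]) for k, ts in raw]
    return identification_rate(raw), identification_rate(shaped)

if __name__ == "__main__":
    print(demo())
```

`demo()` returns the identification rate before and after shaping; the dummy count returned by `shape()` is the bandwidth cost a policy decision would weigh against the privacy gain.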
MDPI and ACS Style

Baldini, G.; Hernandez-Ramos, J.L.; Nowak, S.; Neisse, R.; Nowak, M. Mitigation of Privacy Threats due to Encrypted Traffic Analysis through a Policy-Based Framework and MUD Profiles. Symmetry 2020, 12, 1576.
