Today, more than 80% of Internet traffic is encrypted. This is a good development for end users
and organizations, providing them with data privacy. However, for IT security analysts, it is now
harder to distinguish between legitimate and illegitimate traffic. Encryption renders much of
the existing cybersecurity toolchain useless, because the ability to examine traffic content is lost.
There is a need for innovative research and development of tools that will be able to provide
visibility into encrypted traffic and detect cyber-attacks hiding in encrypted traffic. This project will
explore three solutions based on Encrypted Network Traffic Analysis (ENTA) to:

  • identify encrypted applications and associated traffic classes,
  • identify cyber threats in the form of data exfiltration over encrypted channels, and
  • support automated discovery of encrypted IoT devices and detect rogue IoT devices.

The objective of this project is to develop an encrypted traffic analysis platform with a focus on the
three aforementioned use cases. Key technologies that will be incorporated in ENTA include
machine learning and deep learning, along with high-speed packet processing. All solutions will
operate in real time and scale to support high data rates. A key solution consideration is protecting
end-user privacy by avoiding inspection of the user payload in network traffic. Tools developed in this
project will be suitable for multiple markets. The first is companies providing managed security
services (MSSPs) and the IT security departments of enterprise networks, including Security Operations
Centres. The second is Law Enforcement Agencies (LEAs), which will require tools that can provide visibility
into encrypted traffic for public safety operations. The third is DPI and cybersecurity vendors that
require encrypted traffic classification and detection capabilities.