AI in the Dark
Research project, 2025 – 2028

The advent of GDPR illustrates how privacy protection has become a rising customer demand. Passive network attacks (requiring no interaction with the network) can pose serious security and privacy risks, as the identification of systems, protocols and applications can lead to the exploitation of known vulnerabilities. Previous works have, for instance, demonstrated that medical records and financial or legal affairs can be leaked in network traces, opening the door to spear phishing attack schemes. Packet trace analysis has also been shown to bypass privacy-preservation measures taken by the user (such as content encryption through HTTPS, tunneling with VPNs, or web browsing with Tor for anonymized communication). In the literature, classical machine learning methods are employed in many of the aforementioned attacks, but whenever network-layer information is also available, Deep Learning (DL) has been shown to be far more versatile and scalable. On the positive side, when working with only readily available link-layer encrypted frames, AI is mainly in the Dark when fed the sequence of packets, being blind to the network source and destination of the captured traffic. Can we then make AI see in the dark? Scaling the existing ML-based classification systems to a wider range of applications requires tackling the very challenging problem of network flow separation. In this project, we plan to make use of newly developed probabilistic models for packet bursts, protocol behaviors and packet filtering to achieve an enhanced data representation that can be fed to DL and hybrid traffic classification systems. The project's goal is to push forward the state of the art of network traffic classification without access to network headers. The expected outcome is twofold.
On the one hand, the developed learning systems will allow us to stay ahead of possible new attacks (or currently unknown surveillance systems already in place) so that counter-measures can be swiftly designed and implemented. On the other hand, we aim to implement new possibilities for packet inspection schemes.

Participants

Romaric Duvignau (contact)

Nätverk och System

Funding

Chalmers

Funding Chalmers participation during 2025–2028

Publications

2024

Classifying 5G Encrypted Packet Traces

Paper in proceedings

More information

Last updated

2025-02-27