AI in the Dark
Research project, 2025 – 2028

The advent of GDPR illustrates how privacy protection has become a rising customer demand. Passive network attacks (requiring no interaction with the network) can pose serious security and privacy risks, as the identification of systems, protocols and applications can lead to the exploitation of known vulnerabilities. Moreover, previous work has demonstrated that the leaked information can reveal sensitive private details, such as medical, financial and legal affairs or sexual orientation, that can later be used in spear-phishing schemes. Packet trace analysis has, for example, been shown to be capable of bypassing privacy-preservation measures taken by the user (such as content encryption through HTTPS, tunneling with VPNs, or web browsing with Tor for anonymized communication). In the literature, classical machine learning methods are employed in many of the aforementioned attacks, but whenever network-layer information is also available, deep learning has been shown to be much more versatile and scalable. On the positive side, when working with only readily available link-layer encrypted frames, the AI is mainly in the dark when fed the sequence of packets, being blind to the network source and destination of the captured traffic. Can we then make the AI see in the dark?

Scaling the existing ML-based classification systems to a wider range of applications requires tackling the very challenging problem of network flow separation. In this project, we plan to make use of newly developed probabilistic models for packet bursts, protocol behaviors and packet filtering to achieve an enhanced data representation that can be fed to DL traffic classification systems. The project's goal is to be able to perform network traffic classification without access to network headers.

The expected outcome is twofold. On the one hand, the developed learning systems will allow us to stay ahead of new possible attacks (or currently unknown surveillance systems already in place) so that countermeasures can be swiftly designed and implemented. On the other hand, we aim to implement new possibilities for packet inspection schemes.

Participants

Romaric Duvignau (contact)

Nätverk och System

Funding

Chalmers

Funding Chalmers participation during 2025–2028

Publications

2024

Classifying 5G Encrypted Packet Traces

Paper in proceeding

More information

Last updated

2025-01-08