ENTA

ENTA: Today, more than 80% of Internet traffic is encrypted. This is a good development for end users and organizations, providing them with data privacy. However, for IT security analysts, it is now harder to distinguish between legitimate and illegitimate traffic. Encrypted traffic renders much of the existing tool-chains for cybersecurity useless, as the ability to examine traffic content is lost. There is a need for innovative research and development of tools that will be able to provide visibility into encrypted traffic and detect cyber-attacks hiding in encrypted traffic. This project will explore three solutions based on Encrypted Network Traffic Analysis (ENTA) to: (i) identify encrypted applications and associated traffic classes (ii) identify cyber threats in the form of data exfiltration over encrypted channels and (iii) support automated discovery of encrypted IoT devices and detect rogue IoT devices. The objective of this project is to develop an encrypted traffic analysis platform with focus on the three aforementioned use cases. Key technologies that will be incorporated in ENTA include machine learning and deep learning along with high speed packet processing. All solutions will operate in real-time and scale to support high data rates. A key solution consideration is end user privacy protection by avoiding inspection of network traffic user payload. Tools developed in this project will be suitable for multiple markets. First, for companies providing managed security services (MSSP) and IT security departments of Enterprise networks, including Security Operation Centres. Second, Law Enforcement Agencies (LEA) will require tools that can provide visibility into encrypted traffic for public safety operations. Third, for DPI and cyber security vendors who require encrypted traffic classification and detection capabilities.