MS Thesis Defense
Stateless Detection of Malicious Traffic:
Emphasis on User Privacy
Paul Halvorsen
1:00pm Monday, 3 December 2012, ITE 346, UMBC
To allow flexibility in deployment location and to preserve user privacy, we have researched stateless classification of network traffic. Stateless detection allows for flexibility in deployment location because traffic on a network does not necessarily follow the same path to and from the end points. By requiring only a single direction of traffic, we have the ability to deploy this classifier anywhere on a network. We also do not require the data from a packet, which preserves user privacy and allows for the classification of encrypted traffic.
Our research shows that it is possible to determine whether traffic is malicious by using packets traveling in a single direction and without the data contained in the packet. Specifically, using the timing of the packets, the time to live value, and the source and destination IP addresses and ports, it is possible to determine whether the traffic is malicious. In this way we are able to deploy the classifier anywhere on a network, preserve user privacy, and classify encrypted traffic.
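To make the abstract's input constraints concrete, the following added example (not code from the thesis) extracts per-flow features from one-way IPv4 traffic using only packet timing, TTL, and source and destination addresses and ports, never reading the payload. The function names, the summary statistics chosen, and the sample packets are assumptions for illustration; the thesis's actual feature set and classifier are not described on this page.

```python
import socket
import struct
from collections import defaultdict
from statistics import mean

def header_fields(pkt):
    """Return (5-tuple, ttl) from IPv4 + port fields only; payload is never read."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    frag, ttl, proto = struct.unpack_from("!HBB", pkt, 6)
    # Skip non-TCP/UDP, later fragments (no port fields), and truncated headers.
    if proto not in (6, 17) or frag & 0x1FFF or ihl < 20 or len(pkt) < ihl + 4:
        return None
    src, dst = (socket.inet_ntoa(pkt[o:o + 4]) for o in (12, 16))
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    return (src, sport, dst, dport, proto), ttl

def flow_features(capture):
    """capture: iterable of (timestamp_ms, raw_ipv4_bytes) seen in one direction."""
    flows = defaultdict(list)
    for ts, pkt in capture:
        rec = header_fields(pkt)
        if rec:
            flows[rec[0]].append((ts, rec[1]))
    out = {}
    for key, recs in flows.items():
        recs.sort()
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        ttls = [ttl for _, ttl in recs]
        out[key] = {"packets": len(recs), "ttl_min": min(ttls), "ttl_max": max(ttls),
                    "mean_gap_ms": mean(gaps) if gaps else 0,
                    "max_gap_ms": max(gaps, default=0)}
    return out

def make_packet(src, dst, sport, dport, ttl, proto=6, payload=b""):
    """Build a constructed sample packet: 20-byte IPv4 header, ports, payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24 + len(payload), 0, 0, ttl,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HH", sport, dport) + payload

# Constructed one-way capture (documentation addresses, made-up timings).
SAMPLE = [
    (0, make_packet("198.51.100.5", "192.0.2.10", 40000, 443, 64, payload=b"a")),
    (100, make_packet("198.51.100.9", "192.0.2.10", 51000, 53, 128, proto=17)),
    (500, make_packet("198.51.100.5", "192.0.2.10", 40000, 443, 64, payload=b"bb")),
    (1000, make_packet("198.51.100.5", "192.0.2.10", 40000, 443, 64)),
    (2100, make_packet("198.51.100.9", "192.0.2.10", 51000, 53, 127, proto=17)),
]
```

Because only header fields are read, the resulting feature vectors are identical whether the payload is plaintext, encrypted, or absent.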
Committee members:
- Dr. Anupam Joshi (chair)
- Dr. Charles Nicholas
- Dr. Tim Finin