Using deep packet inspection in CyberTraffic analysis
Abstract
In recent years we have observed an escalation of cybersecurity attacks, which are becoming more sophisticated and harder to detect as they use more advanced evasion techniques and encrypted communications. The research community has often proposed the use of machine learning techniques to overcome the limitations of traditional cybersecurity approaches based on rules and signatures, which are hard to maintain, require constant updates, and do not solve the problems of zero-day attacks. Unfortunately, machine learning is not the holy grail of cybersecurity: machine learning-based techniques are hard to develop due to the lack of annotated data, are often computationally intensive, they can be target of hard to detect adversarial attacks, and more importantly are often not able to provide explanations for the predicted outcomes. In this paper, we describe a novel approach to cybersecurity detection leveraging on the concept of security score. Our approach demonstrates that extracting signals via deep packet inspections paves the way for efficient detection using traffic analysis. This work has been validated against various traffic datasets containing network attacks, showing that it can effectively detect network threats without the complexity of machine learning-based solutions.