Presented by Lucas Lapczyk as a part of the 2020 Serene-risc Workshop on The State of Canadian Cybersecurity Conference: Human-Centric Cybersecurity.
About the presentation
Network traffic encryption is a widely adopted mechanism to prevent eavesdropping on network communications. Since traditional network monitoring approaches such as Deep Packet Inspection cannot be applied to encrypted traffic, there has been growing interest in applying data analytic techniques to statistical features of the traffic (properties such as packet sizes and timing that remain observable after encryption). This enables cyber defense teams to discover users' activities in encrypted traffic, but it could also lead to a compromise of privacy: online behaviors may be exposed even though the traffic content remains encrypted. In our study, we examine Microsoft Remote Desktop Protocol (RDP) encrypted traffic to identify activities such as file download, web browsing, typing in Notepad, watching online movies and using the clipboard to copy and paste textual content. The dataset we generated for this study consists of samples with a single activity as well as mixtures of up to four simultaneous activities. Our predictive model achieves a minimum precision of 97% and a minimum recall of 94% for each activity. We show that it is possible to predict fine-grained actions, such as mouse movements, clicks and sending keystrokes, to build a user behavioral model, reveal a concealed activity or even predict the lengths of entered passwords.
About the speaker
Lucas Lapczyk is a Security Engineer at Queen's University, Centre for Advanced Computing, and a recent MSc graduate from Queen's School of Computing. He therefore has cyber security experience from both industry and academic perspectives. His research interests relate to Encrypted Traffic Analysis: how data analytics can be leveraged to discover suspicious activities in encrypted network traffic. He graduated from the University of London (LSE program) with a BSc degree in Information Systems and Management and a Diploma for Graduates in Social Sciences. In addition, he holds multiple industry certifications, including SSCP, MCSE, CCNA and RHCSA.