Encrypted video traffic clustering demystified

Amit Dvir, Angelos K. Marnerides, Ran Dubin, Nehor Golan, Chen Hajaj

Research output: Contribution to journal › Article › peer-review

12 Scopus citations

Abstract

Cyber threat intelligence officers and forensics investigators often require the behavioural profiling of groups based on their online video viewing activity. It has been demonstrated that encrypted video traffic can be classified under the assumption of using a known subset of video titles based on temporal video viewing trends of particular groups. Nonetheless, composing such a subset is extremely challenging in real situations. Therefore, this work exhibits a novel profiling scheme for encrypted video traffic with no a priori assumption of a known subset of titles. It introduces a seminal synergy of Natural Language Processing (NLP) and Deep Encoder-based feature embedding algorithms with refined clustering schemes from off-the-shelf solutions, in order to group viewing profiles with unknown video streams. This study is the first to highlight the most computationally effective, accurate combinations of feature embedding and clustering using real datasets, thereby paving the way to future forensics tools for automated behavioural profiling of malicious actors.

Original language: English
Article number: 101917
Journal: Computers and Security
Volume: 96
State: Published - Sep 2020
Externally published: Yes

Bibliographical note

Publisher Copyright:
© 2020 Elsevier Ltd

Funding

This work was supported by the Ariel Cyber Innovation Center in conjunction with the Israel National Cyber Directorate in the Prime Minister’s Office. In addition, research was supported in part by Security Lancaster, H2020 EC CONCORDIA GA #830927 and the EU H2020 EASY-RES project.

Angelos K. Marnerides (M’07) received the M.Sc. (Distinction) and Ph.D. degrees in Computer Science from Lancaster University, Lancaster, U.K. He is a tenured Assistant Professor of Computer Networking with the School of Computing and Communications, Lancaster University, U.K., and the Director of the innovative Digital Infrastructure Defence (i-DID) group (i-DID: https://www.lancaster.ac.uk/security-lancaster/research/idid/ ). His research approach brings a data, measurement-driven and systems-oriented perspective to the study of security and resilience challenges for Internet-enabled cyber-physical systems, the Internet at scale and large-scale networked infrastructures. He has published 45+ papers in top-tier IEEE and ACM journals and conferences and has organised and chaired a number of prestigious conferences (e.g., IEEE CCNC) and workshops (e.g., IEEE INFOCOM CNTCV). His work has received significant funding from public funding agencies (such as EPSRC, EC, Innovate U.K., GCHQ) and the industry (such as Fujitsu, Raytheon, BAE) and he has been invited to act as an expert panel member and reviewer for research council funding bodies (e.g., Chilean CONECYT).

Funders (with funder number where given):
CONECYT
EU H2020
H2020 EC: 830927
Engineering and Physical Sciences Research Council
European Commission
Fujitsu
Innovate UK

    Keywords

    • Clustering
    • Encrypted traffic
    • NLP
    • Video title
    • Youtube
