Abstract
Cyber threat intelligence officers and forensics investigators often require the behavioural profiling of groups based on their online video viewing activity. It has been demonstrated that encrypted video traffic can be classified under the assumption of using a known subset of video titles based on temporal video viewing trends of particular groups. Nonetheless, composing such a subset is extremely challenging in real situations. Therefore, this work exhibits a novel profiling scheme for encrypted video traffic with no a priori assumption of a known subset of titles. It introduces a seminal synergy of Natural Language Processing (NLP) and Deep Encoder-based feature embedding algorithms with refined clustering schemes from off-the-shelf solutions, in order to group viewing profiles with unknown video streams. This study is the first to highlight the most computationally effective, accurate combinations of feature embedding and clustering using real datasets, thereby, paving the way to future forensics tools for automated behavioural profiling of malicious actors.
Original language | English |
---|---|
Article number | 101917 |
Journal | Computers and Security |
Volume | 96 |
DOIs | |
State | Published - Sep 2020 |
Externally published | Yes |
Bibliographical note
Publisher Copyright:© 2020 Elsevier Ltd
Funding
This work was supported by the Ariel Cyber Innovation Center in conjunction with the Israel National Cyber directorate in the Prime Minister’s Office. In addition, research was supported in part by Security Lancaster, H2020 EC CONCORDIA GA #830927 and the EU H2020 EASY-RES project. Angelos K. Marnerides (M’07) received the M.Sc. (Distinction) and Ph.D degrees in Computer Science from Lancaster University, Lancaster, U.K. He is a tenured Assistant Professor of Computer Networking with the School of Computing and Communications, Lancaster University, U.K and the Director of the innovative Digital Infrastructure Defence (i-DID) group (i-DID: https://www.lancaster.ac.uk/security-lancaster/research/idid/ ). His research approach brings a data, measurement-driven and systems-oriented perspective to the study of security and resilience challenges for Internet-enabled cyber-physical systems, the Internet at scale and large-scale networked infrastructures. He has published 45+ papers in top-tier IEEE and ACM journals and conferences and has organised and chaired a number of prestigious conferences (e.g., IEEE CCNC) and workshops (e.g., IEEE INFOCOM CNTCV). His work has received significant funding from public funding agencies (such as EPSRC, EC, Innovate U.K., GCHQ) and the industry (such as Fujitsu, Raytheon, BAE) and he has been invited to act as an expert panel member and reviewer for research council funding bodies (e.g., Chilean CONECYT).
Funders | Funder number |
---|---|
CONECYT | |
EU H2020 | |
H2020 EC | 830927 |
Engineering and Physical Sciences Research Council | |
European Commission | |
Fujitsu | |
Innovate UK |
Keywords
- Clustering
- Encrypted traffic
- NLP
- Video title
- Youtube