Title: Enabling line-rate network traffic analysis and device identification in large-scale networks

Date: Tuesday, May 28th, 2024

Time: 11:00 AM -- 1:00 PM EDT

Location (in-person): KACB 3402

Zoom: https://gatech.zoom.us/j/98991128914


Committee:

Dr. Manos Antonakakis (Advisor), School of Electrical and Computer Engineering, Georgia Institute of Technology

Dr. Roberto Perdisci, School of Computing, University of Georgia

Dr. Angelos D. Keromytis, School of Electrical and Computer Engineering, Georgia Institute of Technology

Dr. Alberto Dainotti, School of Computer Science, Georgia Institute of Technology


Abstract:

Internet of Things (IoT) devices have enjoyed impressive growth in recent years and are becoming increasingly integrated into our everyday lives. Unfortunately, they are notoriously vulnerable and a common target of malicious actors. As high-profile cybersecurity incidents have become commonplace over the years, detecting and enumerating those vulnerable devices is of great importance and a prerequisite for the timely development and deployment of appropriate strategies for dealing with cyberattacks and infections. Additionally, the residential networks where those devices are often found are characterized by massive amounts of data that hinder security analysis tasks, thus necessitating the deployment of efficient monitoring techniques.

Together, scalable device fingerprinting and security-aware traffic sampling empower security practitioners to address cyber threats in large networks more effectively. This thesis presents two novel applications of port scanning and passive analysis of network traffic for the identification of home devices. The focus is on detection approaches that are applicable in large networks. Finally, recognizing the critical need for efficient network monitoring, we propose a customizable framework designed to selectively capture the network traffic segments most likely to be of security importance while simplifying or summarizing less critical data.