Cache-based characterization: A low-infrastructure, distributed alternative to network-based traffic and application characterization

Anatoly Shusterman, Chen Finkelstein, Ofir Gruner, Yarin Shani, Yossi Oren

Research output: Contribution to journalArticlepeer-review

Abstract

It is important for network operators to carry out traffic and application characterization to gain insights into the activity of their networks. Several studies proposed methods that extract features from network traffic to characterize it, or to classify the application that produced it, based on a “man in the middle” network interception point that can analyze the entire network traffic of an organization. This network topology, however, is increasingly becoming irrelevant, due to mobile and remote traffic joining the corporate network by passing through VPN channels or relay networks. In this work we propose an edge-oriented lightweight traffic characterization method, based on measuring contention on the last-level CPU cache. In contrast to previous traffic characterization methods, which track network traffic from a central location, our method performs measurements directly on user machines, using an unprivileged JavaScript-based webpage. Our evaluation shows that the accuracy of our cache-based method is equivalent to that of network-based methods, both over VPN and over non-VPN networks.

Original languageEnglish
Article number108550
JournalComputer Networks
Volume200
DOIs
StatePublished - 9 Dec 2021

Keywords

  • Communication network protocols
  • Cyber–physical systems
  • Network security and privacy
  • Side channel analysis

Fingerprint

Dive into the research topics of 'Cache-based characterization: A low-infrastructure, distributed alternative to network-based traffic and application characterization'. Together they form a unique fingerprint.

Cite this