TY - JOUR
T1 - Cache-based characterization
T2 - A low-infrastructure, distributed alternative to network-based traffic and application characterization
AU - Shusterman, Anatoly
AU - Finkelstein, Chen
AU - Gruner, Ofir
AU - Shani, Yarin
AU - Oren, Yossi
N1 - Publisher Copyright:
© 2021
PY - 2021/12/9
Y1 - 2021/12/9
N2 - It is important for network operators to carry out traffic and application characterization to gain insights into the activity of their networks. Several studies proposed methods that extract features from network traffic to characterize it, or to classify the application that produced it, based on a “man in the middle” network interception point that can analyze the entire network traffic of an organization. This network topology, however, is increasingly becoming irrelevant, due to mobile and remote traffic joining the corporate network by passing through VPN channels or relay networks. In this work we propose an edge-oriented lightweight traffic characterization method, based on measuring contention on the last-level CPU cache. In contrast to previous traffic characterization methods, which track network traffic from a central location, our method performs measurements directly on user machines, using an unprivileged JavaScript-based webpage. Our evaluation shows that the accuracy of our cache-based method is equivalent to that of network-based methods, both over VPN and over non-VPN networks.
AB - It is important for network operators to carry out traffic and application characterization to gain insights into the activity of their networks. Several studies proposed methods that extract features from network traffic to characterize it, or to classify the application that produced it, based on a “man in the middle” network interception point that can analyze the entire network traffic of an organization. This network topology, however, is increasingly becoming irrelevant, due to mobile and remote traffic joining the corporate network by passing through VPN channels or relay networks. In this work we propose an edge-oriented lightweight traffic characterization method, based on measuring contention on the last-level CPU cache. In contrast to previous traffic characterization methods, which track network traffic from a central location, our method performs measurements directly on user machines, using an unprivileged JavaScript-based webpage. Our evaluation shows that the accuracy of our cache-based method is equivalent to that of network-based methods, both over VPN and over non-VPN networks.
KW - Communication network protocols
KW - Cyber–physical systems
KW - Network security and privacy
KW - Side channel analysis
UR - http://www.scopus.com/inward/record.url?scp=85117908251&partnerID=8YFLogxK
U2 - 10.1016/j.comnet.2021.108550
DO - 10.1016/j.comnet.2021.108550
M3 - Article
AN - SCOPUS:85117908251
SN - 1389-1286
VL - 200
JO - Computer Networks
JF - Computer Networks
M1 - 108550
ER -