dc.contributor.author: Lapczyk, Lukasz [en]
dc.date.accessioned: 2020-01-15T20:09:32Z
dc.date.available: 2020-01-15T20:09:32Z
dc.identifier.uri: http://hdl.handle.net/1974/27545
dc.description.abstract: Traditional traffic monitoring relies on the availability of unencrypted payload data inside network packets, on which pattern match analysis is performed. With the growth in network traffic encryption, user behavioral monitoring has been severely hindered. Therefore, alternative methods are explored, such as machine learning for encrypted traffic classification which does not require decryption prior to analysis. In my study, I analyze encrypted Remote Desktop Protocol traffic from a behavioral perspective on a network traffic dataset I generate. I develop a heterogeneous ensemble classification model that performs multi-label classification for five common RDP behaviors – Download, Browsing, Notepad, YouTube and Clipboard. The task is complicated as the data samples I generate may belong to one or more classes at the same time. I use Shapley Values to determine significant features and perform classification using the following techniques: SVM, KNN, Neural Network, Decision Tree, AdaBoost, Random Forest and XGBoost. The final model achieves a cross-validated minimum Precision of 97% and a minimum Recall of 94% for each of the five behavioral classes. Finally, I discuss some of the risks to privacy associated with the Remote Desktop Protocol traffic. [en]
dc.language.iso: eng [en]
dc.relation.ispartofseries: Canadian theses [en]
dc.rights: Queen's University's Thesis/Dissertation Non-Exclusive License for Deposit to QSpace and Library and Archives Canada [en]
dc.rights: ProQuest PhD and Master's Theses International Dissemination Agreement [en]
dc.rights: Intellectual Property Guidelines at Queen's University [en]
dc.rights: Copying and Preserving Your Thesis [en]
dc.rights: This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner. [en]
dc.subject: Traffic Classification [en]
dc.subject: Cybersecurity [en]
dc.subject: Encrypted Traffic [en]
dc.title: Behavioral Modelling from Encrypted Remote Desktop Protocol Network Traffic [en]
dc.type: thesis [en]
dc.description.degree: M.Sc. [en]
dc.contributor.supervisor: Skillicorn, David [en]
dc.contributor.department: Computing [en]
dc.degree.grantor: Queen's University at Kingston [en]