Abstract

Purpose: Network traffic analysis is a standard security measure in most remote work systems. The task becomes more complex every day as encryption is used on an increasing number of devices. The traditional method of traffic research in the OSI model does not provide the proper level of reliability.

Method: Machine learning is one of the promising methods for solving the problem of network traffic analysis. The first priority is the identification of unwanted traffic, which can be interpreted as a tool for bypassing the system. For the system to be used in the educational and production process, the ergonomics of the solution must be taken into account, including the influence of the monitoring and analysis system on the response rate.

The purpose of the work: the formation of tagged HTTP/HTTPS traffic data to intercept encrypted tunnel traffic. A browser plugin is proposed whose task is to collect data from the user's browser using the Chromium API. The collected data is combined with network streams to form labeled data, which is later used in datasets for training ML models.

Novelty: The novel element of the presented solution is the use of machine learning to classify network traffic based on labeled data.

Result: Using the presented solution for automatic marking of browser network traffic for analysis and classification, we decided to consider the operation of each system in an independent encrypted channel. The launch of the RemoteTopology project has been switched to HTTP, while each connection is performed in its own VPN session, which guarantees the security of the connection. Within the connection, streams are marked, which allows data to be processed quickly and efficiently for subsequent ML analysis.

Practical relevance: the presented solution is proposed to be implemented within the framework of the RemoteTopology platform to identify in real time deviations between the reference system that already identifies the user and "undesirable systems" that the user can use to bypass the protection system.
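
The labeling step described above, where browser-collected data is combined with network streams, can be illustrated as follows. This is an added example, not code from the paper or the RemoteTopology project: the event fields follow the request details of `chrome.webRequest`, while the flow record layout, the join on server IP plus time window, and the 2-second tolerance are assumptions.

```javascript
// Added example: label captured flows using browser-side request events.
// Event fields mirror chrome.webRequest.onCompleted details (url, ip, timeStamp, type).
// Flow fields (dstIp, dstPort, startMs, endMs, bytes) are an assumed capture format.

const SLACK_MS = 2000; // assumed tolerance for clock skew between browser and capture

// Index browser events by server IP so each flow only scans relevant events.
function indexEvents(events) {
  const byIp = new Map();
  for (const ev of events) {
    if (!ev.ip) continue; // responses served from cache carry no server IP
    if (!byIp.has(ev.ip)) byIp.set(ev.ip, []);
    byIp.get(ev.ip).push(ev);
  }
  return byIp;
}

// Label each flow "browser" (with the hostnames seen) or "unattributed".
function labelFlows(flows, events) {
  const byIp = indexEvents(events);
  return flows.map((flow) => {
    const hits = (byIp.get(flow.dstIp) || []).filter(
      (ev) => ev.timeStamp >= flow.startMs - SLACK_MS &&
              ev.timeStamp <= flow.endMs + SLACK_MS
    );
    return {
      ...flow,
      label: hits.length ? "browser" : "unattributed",
      hosts: [...new Set(hits.map((ev) => new URL(ev.url).hostname))].sort(),
      requestTypes: [...new Set(hits.map((ev) => ev.type))].sort(),
    };
  });
}

// Constructed sample data (documentation address ranges, not real captures).
const sampleEvents = [
  { url: "https://lab.example.test/topology", ip: "192.0.2.10", timeStamp: 1700000001000, type: "main_frame" },
  { url: "https://lab.example.test/api/nodes", ip: "192.0.2.10", timeStamp: 1700000002500, type: "xmlhttprequest" },
  { url: "https://cdn.example.test/app.js", ip: "198.51.100.7", timeStamp: 1700000001200, type: "script" },
  { url: "https://lab.example.test/logo.png", timeStamp: 1700000001300, type: "image" }, // from cache
];
const sampleFlows = [
  { dstIp: "192.0.2.10", dstPort: 443, startMs: 1700000000900, endMs: 1700000003000, bytes: 48211 },
  { dstIp: "198.51.100.7", dstPort: 443, startMs: 1700000001100, endMs: 1700000001900, bytes: 90332 },
  { dstIp: "203.0.113.50", dstPort: 443, startMs: 1700000001000, endMs: 1700000060000, bytes: 7340032 },
  { dstIp: "192.0.2.10", dstPort: 443, startMs: 1700000900000, endMs: 1700000901000, bytes: 512 },
];

console.log(labelFlows(sampleFlows, sampleEvents).map((f) => `${f.dstIp} ${f.label} ${f.hosts}`));
```

Flows that no browser event accounts for, including a later flow to an otherwise known server, stay "unattributed" and are the ones left for the classifier or an analyst to examine.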
