Luca Deri
Luca Deri is the leader of the ntop project (www.ntop.org), aimed at developing an open-source monitoring platform for high-speed traffic analysis and cybersecurity. He worked for the University College of London and IBM Research before receiving his PhD at the University of Berne with a thesis on software components for traffic monitoring applications. Well known in the open-source and Linux community, he currently shares his time between the ntop project and the University of Pisa, where he has been appointed as a lecturer in the CS department.
Session
At SharkFest '24, we introduced the fundamentals of open-source deep packet inspection (DPI) using nDPI. Since then, network adversaries and stealth VPN providers have evolved significantly, rendering traditional methods such as JA4 insufficient against heavily obfuscated traffic. This 1-hour follow-up session is split into two core sections. First, we explore advanced traffic fingerprinting techniques that surpass the current state of the art.
- We will demonstrate how to leverage Wireshark to capture, dissect, and label complex traffic streams to drive these new nDPI capabilities.
- We address what happens when fingerprinting fails against highly evasive protocols.
- We will show how Wireshark data feeds into a data pipeline to train Transformer-based AI models to unmask stealth VPN traffic.
- The session concludes with a live demonstration showcasing both advanced DPI extensions and the AI model detecting disguised traffic in real time.