
Understanding Encrypted Traffic Using “Joy” for Monitoring and Forensics

Aug 15, 2018 @ 1:00 pm - 2:30 pm



Bill Hudson – Cisco – Technical Leader Security and Trust Organization


The Joy open source package can track network flows and report on data features beyond those in NetFlow, such as the distribution of bytes, the entropy, and the sequence of packet lengths and arrival times, as well as detailed information from TLS headers. With this data, we can better detect and understand encrypted traffic. This approach is valuable for detecting and analyzing malicious traffic, and for auditing the quality of the cryptography used to secure critical applications and communications. This session covers the Joy package, the data features that it can capture and the JSON format in which it reports data, and several use cases involving packet forensics and network monitoring.

Joy has helped support the research that paved the way for Cisco’s Encrypted Traffic Analytics (ETA), but it is not directly integrated into any of the Cisco products or services that implement ETA. The classifiers in Joy were trained on a small dataset several years ago, and do not represent the classification methods or performance of ETA. The intent of this feature is to allow network researchers to quickly train and deploy their own classifiers on a subset of the data features that Joy produces.


We are going to use the NC State WebEx for the web conference. Please note that this WebEx belongs to NC State and cannot be downloaded directly from Cisco. It should also work on iPhones and iPads via the WebEx app. A good internet connection is recommended. For better audio, please join via computer and then have the meeting call your number, or call in directly using one of the numbers below. When not speaking, please mute your phone to avoid background noise. When it’s time, join the WebEx meeting from here:




919-513-9329 (WolfMeeting)

Access Code: 996 474 981





Partners I, 1017 Main Campus Dr, Raleigh, NC 27606, USA
800 Main Campus Dr
Raleigh, NC United States


