On Metrics to Distinguish Skype Flows from HTTP Traffic

Authors:
Emanuel Pacheco Freire;Artur Ziviani;Ronaldo Moreira Salles
Affiliations:
Military Institute of Engineering (IME), Rio de Janeiro, Brazil 22290-270;National Laboratory for Scientific Computing (LNCC), Petrópolis, Brazil 25651-075;Military Institute of Engineering (IME), Rio de Janeiro, Brazil 22290-270
Venue:
Journal of Network and Systems Management
Year:
2009

Citing 14
Cited 0

On the self-similar nature of Ethernet traffic (extended version)

IEEE/ACM Transactions on Networking (TON)
Self-similarity in World Wide Web traffic: evidence and possible causes

IEEE/ACM Transactions on Networking (TON)
Generating representative Web workloads for network and server performance evaluation

SIGMETRICS '98/PERFORMANCE '98 Proceedings of the 1998 ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems
An Empirical Model of HTTP Network Traffic

INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution
A Behavioral Model of Web Traffic

ICNP '99 Proceedings of the Seventh Annual International Conference on Network Protocols
Characteristics of WWW Client-based Traces

Characteristics of WWW Client-based Traces
Measuring normality in HTTP traffic for anomaly-based intrusion detection

Computer Networks: The International Journal of Computer and Telecommunications Networking
BLINC: multilevel traffic classification in the dark

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
A multi-model approach to the detection of web-based attacks

Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Traffic classification on the fly

ACM SIGCOMM Computer Communication Review
Unexpected means of protocol inference

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Revealing skype traffic: when randomness plays with you

Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Toward the accurate identification of network applications

PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Probabilistic techniques for intrusion detection based on computer audit data

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans

Quantified Score

Hi-index	0.00

Visualization

Abstract

Skype is a Voice over IP (VoIP) Internet application that is gaining huge popularity in recent years. A key point to Skype popularity is its capability to dynamically adapt itself to operate behind firewalls or network proxies. A common way adopted by Skype to delude these network devices is to use port 80, normally expected to comprise HTTP traffic. In this paper, we propose metrics and investigate statistical tests intended to clearly distinguish Skype flows from HTTP traffic. We validate our study using real-world experimental datasets gathered at a commercial Internet Service Provider (ISP). Our experimental results suggest that the proposed methodology may be seen as a promising building block towards a system to detect general protocol anomalies in HTTP traffic.