Statistical classification of services tunneled into SSH connections by a K-means based learning algorithm

  • Authors: G. Maiolini (Elsag Datamat SpA, Rome, Italy); A. Baiocchi (University of Rome, Sapienza, Rome); A. Rizzi (University of Rome, Sapienza, Rome); C. Di Iollo (Elsag Datamat SpA, Rome, Italy)
  • Venue: Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
  • Year: 2010


Abstract

Secure Shell (SSH) is a TCP-based protocol designed to add security features to telnet and other insecure remote management tools. Because of its versatility, it is often used to forward other applications (e.g. HTTP, SCP) inside encrypted TCP flows. What makes identifying the uses of SSH challenging is that the packets are enciphered, so tools based on deep packet inspection (DPI) cannot perform this task. We approached the problem of early SSH classification with a k-means based learning machine by studying the statistical behavior of IP traffic parameters such as packet length, arrival time and direction. In this paper we describe the tools and networks designed to collect SSH remote administration traffic, as well as the relevant results obtained for its classification. In particular, our tool identifies remote management traffic among other SSH-encapsulated applications with accuracy up to 90.34
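To make the approach concrete, the following is an added illustration (not the authors' code or data) of early flow classification with k-means over the packet features the abstract names: length, direction and inter-arrival time of the first few packets of each SSH flow. The traffic is constructed inline, and the exact feature layout (signed length plus inter-arrival time of the first N packets), the choice of k=3 and the majority-vote cluster labelling are assumptions about the method, not details taken from the paper. Only the plain-Lloyd's k-means with k-means++ seeding is implemented, so the block runs without third-party libraries.

```python
"""Early classification of SSH flows by k-means over per-packet features.

Added illustration, not the paper's own code. Traffic is constructed in
generate_flows(); the feature layout (signed length + inter-arrival time of
the first N packets), k=3 and majority-vote labelling are assumptions.
"""
import random
from collections import Counter

N_PKTS = 6          # "early" classification: only the first N packets of a flow
CLASSES = ["remote_admin", "http_tunnel", "scp"]


def generate_flows(per_class=20, seed=7):
    """Constructed packet traces: (label, [(signed_len, iat), ...]).
    signed_len > 0 is client->server, < 0 is server->client; iat in seconds."""
    rng = random.Random(seed)
    flows = []
    for _ in range(per_class):
        # interactive shell: tiny keystroke/echo packets at human pace
        admin = [((1 if i % 2 == 0 else -1) * rng.randint(36, 100),
                  rng.uniform(0.05, 0.5)) for i in range(N_PKTS)]
        # HTTP over a port forward: one request, then a burst of full-size replies
        http = [(rng.randint(300, 600), rng.uniform(0.001, 0.02))] + \
               [(-rng.randint(1380, 1500), rng.uniform(0.001, 0.02))
                for _ in range(N_PKTS - 1)]
        # SCP upload: steady stream of full-size packets in one direction
        scp = [(rng.randint(1380, 1500), rng.uniform(0.0005, 0.005))
               for _ in range(N_PKTS)]
        flows += [("remote_admin", admin), ("http_tunnel", http), ("scp", scp)]
    return flows


def features(flow):
    """Flatten the first N packets into one vector: signed lengths, then IATs."""
    pk = flow[:N_PKTS]
    return [l for l, _ in pk] + [t for _, t in pk]


def normalize(vectors):
    """Min-max scale each dimension so bytes and seconds weigh equally."""
    dims = len(vectors[0])
    lo = [min(v[d] for v in vectors) for d in range(dims)]
    hi = [max(v[d] for v in vectors) for d in range(dims)]
    return [[(v[d] - lo[d]) / (hi[d] - lo[d] or 1.0) for d in range(dims)]
            for v in vectors]


def _dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def kmeans(points, k, seed=0, restarts=5, iters=100):
    """Lloyd's k-means with k-means++ seeding; keeps the lowest-inertia run."""
    rng = random.Random(seed)
    best = None
    for _ in range(restarts):
        cents = [list(rng.choice(points))]
        while len(cents) < k:            # k-means++: favour far-away points
            d2 = [min(_dist2(p, c) for c in cents) + 1e-12 for p in points]
            cents.append(list(rng.choices(points, weights=d2)[0]))
        for _ in range(iters):
            assign = [min(range(k), key=lambda j: _dist2(p, cents[j]))
                      for p in points]
            new = []
            for j in range(k):
                members = [p for p, a in zip(points, assign) if a == j]
                new.append([sum(col) / len(members) for col in zip(*members)]
                           if members else cents[j])
            if new == cents:
                break
            cents = new
        inertia = sum(_dist2(p, cents[a]) for p, a in zip(points, assign))
        if best is None or inertia < best[0]:
            best = (inertia, assign, cents)
    return best[1], best[2]


def classify_flows(flows, k=3):
    """Cluster flows, label each cluster by majority vote, return (preds, accuracy).

    Majority-vote labelling is how an unsupervised clustering is turned into a
    classifier here; it needs a labelled training capture, as the paper's
    collection setup provides."""
    labels = [lab for lab, _ in flows]
    X = normalize([features(f) for _, f in flows])
    assign, _ = kmeans(X, k)
    majority = {}
    for j in range(k):
        votes = Counter(lab for lab, a in zip(labels, assign) if a == j)
        majority[j] = votes.most_common(1)[0][0] if votes else None
    preds = [majority[a] for a in assign]
    acc = sum(p == l for p, l in zip(preds, labels)) / len(labels)
    return preds, acc


if __name__ == "__main__":
    preds, acc = classify_flows(generate_flows())
    print(f"cluster-purity accuracy over {len(preds)} flows: {acc:.2%}")
```

The constructed classes are deliberately well separated, so the accuracy here is far above what the abstract reports on real captures; the point is the pipeline (first-N-packet feature vector, per-dimension scaling so byte counts do not swamp timings, unsupervised clustering, then mapping clusters to known services), not the number.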