Information Retrieval
HMM profiles for network traffic classification
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Estimating the Support of a High-Dimensional Distribution
Neural Computation
ACM SIGCOMM Computer Communication Review
Traffic classification through simple statistical fingerprinting
ACM SIGCOMM Computer Communication Review
On Inferring Application Protocol Behaviors in Encrypted Network Traffic
The Journal of Machine Learning Research
Early recognition of encrypted applications
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Profiling-By-Association: a resilient traffic profiling solution for the internet backbone
Proceedings of the 6th International COnference
Hi-index | 0.00 |
When employing cryptographic tunnels such as the ones provided by Secure Shell (SSH) to protect their privacy on the Internet, users expect two forms of protection. First, they aim at preserving the privacy of their data. Second, they expect that their behavior, e.g., the type of applications they use, also remains private. In this paper we report on two statistical traffic analysis techniques that can be used to break the second type of protection when applied to SSH tunnels, at least under some restricting hypothesis. Experimental results show how current implementations of SSH can be susceptible to this type of analysis, and illustrate the effectiveness of our two classifiers both in terms of their capabilities in analyzing encrypted traffic and in terms of their relative computational complexity.