This paper describes a novel approach to classifying network traffic as encrypted or unencrypted. The classifier can operate in real time because only the first packet of each flow is processed. The main metric used for classification is an estimate of the entropy of the first packet's payload. The approach is evaluated on encrypted ground-truth traces and on real network traces. Encrypted traffic, such as Skype or encrypted eDonkey traffic, is detected as encrypted with probability higher than 94%. Unencrypted protocols such as SMTP, HTTP, POP3 or FTP are detected as unencrypted with probability higher than 99.9%. The presented approach, named real-time encrypted traffic detector (RT-ETD), is well suited to operate as a pre-filter for advanced classification approaches, so that they can be applied at higher bandwidth.
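The following sketch illustrates the idea of classifying a flow from the entropy of its first payload; it is an added example, not the RT-ETD implementation. The plug-in entropy estimator, the simulated length-dependent uniform baseline, the cutoffs `k` and `min_len`, and the sample payloads are all assumptions made for illustration.

```python
import math
import random
from collections import Counter
from functools import lru_cache

def byte_entropy(payload: bytes) -> float:
    """Plug-in (maximum-likelihood) Shannon entropy in bits per byte."""
    n = len(payload)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())

@lru_cache(maxsize=None)
def uniform_baseline(n: int, trials: int = 2000, seed: int = 1):
    """Mean and std dev of the entropy estimate for n uniformly random bytes.

    A short payload cannot reach 8 bits/byte (at most log2(n)), so the
    reference value must depend on payload length. Simulated with a fixed seed.
    """
    rng = random.Random(seed)
    samples = [byte_entropy(bytes(rng.getrandbits(8) for _ in range(n)))
               for _ in range(trials)]
    mean = sum(samples) / trials
    var = sum((s - mean) ** 2 for s in samples) / (trials - 1)
    return mean, math.sqrt(var)

def looks_encrypted(payload: bytes, k: float = 4.0, min_len: int = 16) -> bool:
    """Classify one first-packet payload. k and min_len are assumed cutoffs."""
    if len(payload) < min_len:  # too few bytes for a usable estimate
        return False
    mean, std = uniform_baseline(len(payload))
    return byte_entropy(payload) >= mean - k * std

# Constructed sample payloads (not taken from any trace).
HTTP_REQUEST = (b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"
                b"User-Agent: test\r\n\r\n")
_rng = random.Random(2024)
RANDOM_LIKE = bytes(_rng.getrandbits(8) for _ in range(len(HTTP_REQUEST)))

if __name__ == "__main__":
    for name, data in (("http", HTTP_REQUEST), ("random-like", RANDOM_LIKE)):
        mean, _ = uniform_baseline(len(data))
        print(f"{name:12s} len={len(data)} H={byte_entropy(data):.3f} "
              f"baseline={mean:.3f} encrypted={looks_encrypted(data)}")
```

Compressed payloads also score close to the uniform baseline, so a high-entropy verdict from a check like this does not distinguish compression from encryption.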