Deep packet inspection (DPI) technologies provide much-needed visibility and control of network traffic using port-independent protocol identification, where a network flow is labeled with its application-layer protocol based on packet contents. In this paper, we provide the first comprehensive evaluation of a large set of DPI systems from the point of view of protocol misidentification attacks, in which adversaries on the network attempt to force the DPI to mislabel connections. Our approach uses a new cryptographic primitive called format-transforming encryption (FTE), which extends conventional symmetric encryption with the ability to transform the ciphertext into a format of our choosing. We design an FTE-based record layer that can encrypt arbitrary application-layer traffic, and we experimentally show that this forces misidentification for all of the evaluated DPI systems. This set includes a proprietary, enterprise-class DPI system used by large corporations and nation-states. We also show that using FTE as a proxy system incurs no latency overhead and as little as 16% bandwidth overhead compared to standard SSH tunnels. Finally, we integrate our FTE proxy into the Tor anonymity network and demonstrate that it evades real-world censorship by the Great Firewall of China.