Several fundamental security mechanisms for restricting access to network resources rely on the ability of a reference monitor to inspect the contents of traffic as it traverses the network. However, with the increasing popularity of cryptographic protocols, the traditional means of inspecting packet contents to enforce security policies is no longer a viable approach as message contents are concealed by encryption. In this paper, we investigate the extent to which common application protocols can be identified using only the features that remain intact after encryption, namely packet size, timing, and direction. We first present what we believe to be the first exploratory look at protocol identification in encrypted tunnels which carry traffic from many TCP connections simultaneously, using only post-encryption observable features. We then explore the problem of protocol identification in individual encrypted TCP connections, using much less data than in other recent approaches. The results of our evaluation show that our classifiers achieve accuracy greater than 90% for several protocols in aggregate traffic, and, for most protocols, greater than 80% when making fine-grained classifications on single connections. Moreover, perhaps most surprisingly, we show that one can even estimate the number of live connections in certain classes of encrypted tunnels to within, on average, better than 20%.