Title :
User identification in encrypted network communications
Author :
Koch, Robert ; Rodosek, Gabi Dreo
Author_Institution :
Inst. fur Tech. Inf. (ITI), Univ. der Bundeswehr, München, Germany
Abstract :
Encrypting network traffic is a normal procedure to protect information for exchange. This prevents tapping and manipulation but it also hampers intrusion as well as data leakage and misuse detection. Obtaining knowledge about users of encrypted communications is, however, beneficial in terms of monitoring access, security and accounting reasons. Thus, the objective is to provide evidence of the source of actions, especially to detect insiders and illegal connections, without the necessity of decrypting the network traffic. We propose a novel architecture to identify users of encrypted traffic in a network environment of a company. It is based on statistical evaluation of monitored network packets. The proposed approach utilizes and combines two main aspects, the mode of operation of remote sessions and the keystroke dynamics of users. Aspects such as capturing and clustering network traffic, generating user profiles and patterns, and statistical analysis are part of the architecture.
Keywords :
cryptography; statistical analysis; telecommunication traffic; encrypted network communication; encrypted traffic; keystroke dynamics; monitored network packet; network environment; network traffic clustering; network traffic encryption; statistical analysis; statistical evaluation; user identification; user profiles; Correlation; Cryptography; Delay; Intrusion detection; Protocols; Servers;
Conference_Titel :
Network and Service Management (CNSM), 2010 International Conference on
Conference_Location :
Niagara Falls, ON
Print_ISBN :
978-1-4244-8910-7
Electronic_ISBN :
978-1-4244-8908-4
DOI :
10.1109/CNSM.2010.5691292
