• DocumentCode
    3231406
  • Title

    Protocol Identification of Encrypted Network Traffic

  • Author

    Gebski, Matthew ; Pene, Alex ; Wong, Raymond K.

  • Author_Institution
    Nat. ICT Australia, New South Wales Univ., NSW
  • fYear
    2006
  • fDate
    18-22 Dec. 2006
  • Firstpage
    957
  • Lastpage
    960
  • Abstract
    New means of communication are constantly emerging, some of which may constitute resource misuse of an organisation's network system. Identifying the protocols used is straight-forward when inspecting network logs, but we focus on the problem of identifying the underlying protocol present in an unknown TCP connection. Actions are difficult to detect if the underlying protocol is encrypted and tunneled through a proxy server or SSH. We use a graph-comparison approach to build profiles of several protocols, and attempt to classify an unknown, encrypted protocol against these profiles using only the visible behaviour of the protocol being tunneled - the size, timing and direction of packets.
  • Keywords
    computer networks; cryptography; graph theory; telecommunication traffic; transport protocols; TCP connection; encrypted network traffic; encrypted protocol identification; graph-comparison approach; proxy server; Australia; Bipartite graph; Cryptography; Network servers; Peer to peer computing; Protocols; Streaming media; Telecommunication traffic; Timing; Traffic control;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Web Intelligence, 2006. WI 2006. IEEE/WIC/ACM International Conference on
  • Conference_Location
    Hong Kong
  • Print_ISBN
    0-7695-2747-7
  • Type

    conf

  • DOI
    10.1109/WI.2006.139
  • Filename
    4061502