Title :
Generalization of signatures for SSH encrypted traffic identification
Author :
Alshammari, Riyad ; Zincir-Heywood, A. Nur
Author_Institution :
Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS
Date :
March 30 2009-April 2 2009
Abstract :
The objective of this work is to discover generalized signatures for identifying encrypted traffic, where SSH is taken as an example application. What we mean by generalized signatures is that the signatures learned by training on one network are still valid when they are applied to traffic coming from a totally different network. We identified 13 signatures and 14 flow attributes for SSH traffic classification where IP addresses, source/destination ports and payload information are not employed. The signatures are able to identify encrypted traffic with a high detection rate (DR) and a low false positive rate (FPR). We can achieve up to 97% DR and 0.8% FPR for identifying SSH traffic.
Keywords :
IP networks; cryptography; digital signatures; telecommunication traffic; IP addresses; SSH encrypted traffic identification; SSH traffic classification; generalized signatures
Conference_Title :
Computational Intelligence in Cyber Security, 2009. CICS '09. IEEE Symposium on
Conference_Location :
Nashville, TN
Print_ISBN :
978-1-4244-2769-7
DOI :
10.1109/CICYBS.2009.4925105