مرکز منطقه ای اطلاع رساني علوم و فناوري - Statistical Pattern Recognition Based Content Analysis on Encrypted Network: Traffic for the TeamViewer Application

DocumentCode :

624956

Title :

Statistical Pattern Recognition Based Content Analysis on Encrypted Network: Traffic for the TeamViewer Application

Author :

Altschaffel, Robert ; Clausing, Robert ; Kraetzer, Christian ; Hoppe, Tobias ; Kiltz, Stefan ; Dittmann, Jana

Author_Institution :

Adv. Multimedia & Security Lab., Otto-von-Guerricke-Univ., Magdeburg, Germany

fYear :

2013

fDate :

12-14 March 2013

Firstpage :

113

Lastpage :

121

Abstract :

In the course of a forensic investigation it might be required to distinguish between different network activities. While various means to analyse network traffic exist, encrypted traffic often makes such an analysis problematic. The focus of this paper is to introduce a method based on statistical pattern recognition on network recordings of encrypted sessions to distinguish between different actions within these sessions. For demonstration purposes the popular remote support and online-meeting application TeamViewer is selected to introduce and discuss an approach to distinguish between file transfers, voice conferences, video conferences, text chat and normal remote sessions within TeamViewer sessions.

Keywords :

computer network security; cryptography; data analysis; digital forensics; pattern recognition; statistical analysis; telecommunication traffic; TeamViewer application; TeamViewer session; encrypted network traffic; file transfer; forensic investigation; network activity; network recording; network traffic analysis; online-meeting application; remote session; remote support application; statistical pattern recognition based content analysis; text chat; video conference; voice conference; Cryptography; Feature extraction; Inspection; Pattern recognition; Payloads; Standards; Training; classification; encrypted traffic; statistical analysis; traffic analysis;

fLanguage :

English

Publisher :

ieee

Conference_Titel :

IT Security Incident Management and IT Forensics (IMF), 2013 Seventh International Conference on

Conference_Location :

Nuremberg

Print_ISBN :

978-1-4673-6307-5

Type :

conf

DOI :

10.1109/IMF.2013.19

Filename :

6568559

Link To Document :

https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=624956