Title :
Markov chain fingerprinting to classify encrypted traffic
Author :
Korczynski, Maciej ; Duda, A.
Author_Institution :
EENR & DIMACS, Rutgers Univ., Piscataway, NJ, USA
Date :
April 27 2014-May 2 2014
Abstract :
In this paper, we propose stochastic fingerprints for application traffic flows conveyed in Secure Socket Layer/Transport Layer Security (SSL/TLS) sessions. The fingerprints are based on first-order homogeneous Markov chains for which we identify the parameters from observed training application traces. As the fingerprint parameters of chosen applications considerably differ, the method results in a very good accuracy of application discrimination and provides a possibility of detecting abnormal SSL/TLS sessions. Our analysis of the results reveals that obtaining application discrimination mainly comes from incorrect implementation practice, the misuse of the SSL/TLS protocol, various server configurations, and the application nature.
Keywords :
Internet; Markov processes; computer network security; cryptographic protocols; fingerprint identification; Markov chain fingerprinting; SSL/TLS protocol; SSL/TLS sessions; encrypted traffic classification; fingerprint parameters; secure socket layer/transport layer security; stochastic fingerprints; Ciphers; Protocols; Servers; Twitter
Conference_Title :
INFOCOM, 2014 Proceedings IEEE
Conference_Location :
Toronto, ON
DOI :
10.1109/INFOCOM.2014.6848005