Title :
The classification of SSH tunneled traffic using maximum likelihood classifier
Author :
Tan, Xiaobing ; Su, Xiuqin ; Qian, Qingming
Abstract :
Secure SHell(SSH) [1] provides TCP/IP port forwarding for any Application-layer protocols. It is useful in protecting the privacy of users, but it can lead to the illegal use of some forbidden protocols. Because of the encryption, the Deep Payload Inspection (DPI) technique is ineffective in classifying the network traffic. This paper introduces how to employ the statistical pattern recognition method, Maximum Likelihood Classification [2, 3], to classify the SSH tunneled traffic, i.e. to decide which protocols is tunneled in the encrypted tunnels. It is very important to find out the boundary of a tunneled flow in processing the originate data. So we proposed a method for detecting the boundaries of SSH tunneled traffic.
Keywords :
maximum likelihood estimation; pattern recognition; telecommunication traffic; transport protocols; SSH tunneled traffic; TCP/IP port forwarding; application-layer protocols; deep payload inspection; forbidden protocols; maximum likelihood classification; maximum likelihood classifier; statistical pattern recognition method; Classification algorithms; IP networks; Maximum likelihood detection; Maximum likelihood estimation; Pattern recognition; Protocols; Servers; SSH; boundary detection; classification; maximum likelihood classification; traffic; tunnel;
Conference_Titel :
Electronics, Communications and Control (ICECC), 2011 International Conference on
Conference_Location :
Zhejiang
Print_ISBN :
978-1-4577-0320-1
DOI :
10.1109/ICECC.2011.6066732
