Title :
Detecting Policy Violations through Traffic Analysis
Author :
Horton, Jeffrey ; Safavi-Naini, Rei
Author_Institution :
Centre for Inf. Security, Wollongong Univ., NSW
Abstract :
Restrictions are commonly placed on the permitted uses of network protocols in the interests of security. These restrictions can sometimes be difficult to enforce. As an example, a permitted protocol can be used as a carrier for another protocol not otherwise permitted. However, if the observable behaviour of the protocol exhibits differences between permitted and non-permitted uses, it is possible to detect inappropriate use. We consider SSH, the secure shell protocol. This is an encrypted protocol with several uses. We attempt firstly to classify SSH sessions according to some different types of traffic for which the sessions have been used, and secondly, given a policy that permits SSH use for interactive traffic, to identify when a session appears to have been used for some other purpose
Keywords :
cryptography; protocols; telecommunication security; telecommunication traffic; network protocols; policy violation detection; protocol encryption; secure shell protocol; traffic analysis; Access protocols; Australia; Cryptography; IP networks; Information analysis; Information security; Inspection; Intrusion detection; Protection; Telecommunication traffic;
Conference_Titel :
Computer Security Applications Conference, 2006. ACSAC '06. 22nd Annual
Conference_Location :
Miami Beach, FL
Print_ISBN :
0-7695-2716-7
DOI :
10.1109/ACSAC.2006.24
