Title :
Protocol Identification of Encrypted Network Traffic
Author :
Gebski, Matthew ; Pene, Alex ; Wong, Raymond K.
Author_Institution :
Nat. ICT Australia, New South Wales Univ., NSW
Abstract :
New means of communication are constantly emerging, some of which may constitute resource misuse of an organisation's network system. Identifying the protocols used is straight-forward when inspecting network logs, but we focus on the problem of identifying the underlying protocol present in an unknown TCP connection. Actions are difficult to detect if the underlying protocol is encrypted and tunneled through a proxy server or SSH. We use a graph-comparison approach to build profiles of several protocols, and attempt to classify an unknown, encrypted protocol against these profiles using only the visible behaviour of the protocol being tunneled - the size, timing and direction of packets.
Keywords :
computer networks; cryptography; graph theory; telecommunication traffic; transport protocols; TCP connection; encrypted network traffic; encrypted protocol identification; graph-comparison approach; proxy server; Australia; Bipartite graph; Cryptography; Network servers; Peer to peer computing; Protocols; Streaming media; Telecommunication traffic; Timing; Traffic control;
Conference_Title :
Web Intelligence, 2006. WI 2006. IEEE/WIC/ACM International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
0-7695-2747-7
DOI :
10.1109/WI.2006.139