DocumentCode :
632565
Title :
Investigating application behavior in network traffic traces
Author :
Foroushani, Vahid Aghaei ; Zincir-Heywood, A. Nur
Author_Institution :
Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
fYear :
2013
fDate :
16-19 April 2013
Firstpage :
72
Lastpage :
79
Abstract :
Identifying encrypted application traffic is an important issue for many network tasks including quality of service, firewall enforcement and security. This paper presents a machine learning based approach to identify high level application behavior in a given traffic trace using a holistic approach without looking into the content or without checking a static attribute. We demonstrate the effectiveness of our approach as a forensic analysis tool on five encrypted applications, namely SSH, Skype, Gtalk, SSL (No Web) and HTTPS (Web Browsing), using traces captured from different networks. Results indicate that it is possible to identify high level application behavior such as unencrypted versus encrypted as well as identifying services running in encrypted tunnels.
Keywords :
cryptography; digital forensics; firewalls; learning (artificial intelligence); quality of service; social networking (online); telecommunication traffic; Gtalk; HTTPS; SSH; SSL; Skype; Web browsing; computer network security; encrypted application traffic identification; encrypted tunnels; firewall enforcement; forensic analysis tool; high level application behavior identification; holistic approach; machine learning based approach; network traffic traces; quality of service; Classification algorithms; Clustering algorithms; Cryptography; Decision trees; Feature extraction; Ports (Computers); Training; Encrypted traffic identification; Performance measures; Security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computational Intelligence for Security and Defense Applications (CISDA), 2013 IEEE Symposium on
Conference_Location :
Singapore
Type :
conf
DOI :
10.1109/CISDA.2013.6595430
Filename :
6595430