• DocumentCode
    170488
  • Title

    Markov chain fingerprinting to classify encrypted traffic

  • Author

    Korczynski, Maciej ; Duda, A.

  • Author_Institution
    EENR & DIMACS, Rutgers Univ., Piscataway, NJ, USA
  • fYear
    2014
  • fDate
    April 27 2014-May 2 2014
  • Firstpage
    781
  • Lastpage
    789
  • Abstract
    In this paper, we propose stochastic fingerprints for application traffic flows conveyed in Secure Socket Layer/Transport Layer Security (SSL/TLS) sessions. The fingerprints are based on first-order homogeneous Markov chains for which we identify the parameters from observed training application traces. As the fingerprint parameters of chosen applications considerably differ, the method results in a very good accuracy of application discrimination and provides a possibility of detecting abnormal SSL/TLS sessions. Our analysis of the results reveals that obtaining application discrimination mainly comes from incorrect implementation practice, the misuse of the SSL/TLS protocol, various server configurations, and the application nature.
  • Keywords
    Internet; Markov processes; computer network security; cryptographic protocols; fingerprint identification; Markov chain fingerprinting; SSL/TLS protocol; SSL/TLS sessions; encrypted traffic classification; fingerprint parameters; secure socket layer/transport layer security; stochastic fingerprints; Ciphers; Markov processes; Protocols; Servers; Twitter;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    INFOCOM, 2014 Proceedings IEEE
  • Conference_Location
    Toronto, ON
  • Type

    conf

  • DOI
    10.1109/INFOCOM.2014.6848005
  • Filename
    6848005
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=170488