• DocumentCode
    2965263
  • Title

    Detecting Policy Violations through Traffic Analysis

  • Author

    Horton, Jeffrey ; Safavi-Naini, Rei

  • Author_Institution
    Centre for Inf. Security, Wollongong Univ., NSW
  • fYear
    2006
  • fDate
    Dec. 2006
  • Firstpage
    109
  • Lastpage
    120
  • Abstract
    Restrictions are commonly placed on the permitted uses of network protocols in the interests of security. These restrictions can sometimes be difficult to enforce. As an example, a permitted protocol can be used as a carrier for another protocol not otherwise permitted. However, if the observable behaviour of the protocol exhibits differences between permitted and non-permitted uses, it is possible to detect inappropriate use. We consider SSH, the secure shell protocol. This is an encrypted protocol with several uses. We attempt firstly to classify SSH sessions according to some different types of traffic for which the sessions have been used, and secondly, given a policy that permits SSH use for interactive traffic, to identify when a session appears to have been used for some other purpose
  • Keywords
    cryptography; protocols; telecommunication security; telecommunication traffic; network protocols; policy violation detection; protocol encryption; secure shell protocol; traffic analysis; Access protocols; Australia; Cryptography; IP networks; Information analysis; Information security; Inspection; Intrusion detection; Protection; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 2006. ACSAC '06. 22nd Annual
  • Conference_Location
    Miami Beach, FL
  • ISSN
    1063-9527
  • Print_ISBN
    0-7695-2716-7
  • Type

    conf

  • DOI
    10.1109/ACSAC.2006.24
  • Filename
    4041159
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2965263