Academic Paper

Protocol Identification of Encrypted Network Traffic
Document Type
Conference
Source
2006 IEEE/WIC/ACM International Conference on Web Intelligence (WI 2006 Main Conference Proceedings)(WI'06) Web Intelligence, 2006. WI 2006. IEEE/WIC/ACM International Conference on. :957-960 Dec, 2006
Subject
Computing and Processing
Communication, Networking and Broadcast Technologies
Protocols
Cryptography
Telecommunication traffic
Peer to peer computing
Timing
Bipartite graph
Traffic control
Australia
Network servers
Streaming media
Language
Abstract
New means of communication are constantly emerging, some of which may constitute resource misuse of an organisation's network system. Identifying the protocols used is straight-forward when inspecting network logs, but we focus on the problem of identifying the underlying protocol present in an unknown TCP connection. Actions are difficult to detect if the underlying protocol is encrypted and tunneled through a proxy server or SSH. We use a graph-comparison approach to build profiles of several protocols, and attempt to classify an unknown, encrypted protocol against these profiles using only the visible behaviour of the protocol being tunneled -- the size, timing and direction of packets.