Abstract
The use of application-layer tunnels has become more
popular nowadays. By using encrypted tunnels for
prohibited applications such as peer-to-peer file sharing,
it is easy to gain access to restricted networks.
Application-layer tunnels provide a way to bypass
network defenses, which is even more useful for malicious
users trying to avoid detection. The accurate
identification of application flows in encrypted tunnels
is important for network security and management
purposes. Traditional network traffic classification
methods based on port numbers or pattern-matching
mechanisms are practically useless in identifying
application flows inside an encrypted tunnel, therefore
another approach is needed. In this paper, we propose a
two-phased method for classifying SSH tunneled
application flows in real time. The classification is
based on the statistical features of the network flows.
The first classification phase identifies the SSH
connection while the second classification phase detects
the tunneled application. A simple K-Means clustering
algorithm is utilized in classification. We evaluated our
method using manually generated packet traces. The
results were promising; over 94% of all flow samples were
classified correctly, while untrained application flow
samples were detected as unknown at high precision. (12
refs.)
Original language | English |
---|---|
Title of host publication | Proceedings |
Subtitle of host publication | 7th International Wireless Communications and Mobile Computing Conference, IWCMC 2011 |
Place of Publication | Piscataway, NJ, USA |
Publisher | IEEE Institute of Electrical and Electronic Engineers |
Pages | 1033-1038 |
ISBN (Electronic) | 978-1-4244-9538-2 |
ISBN (Print) | 978-1-4244-9539-9 |
Publication status | Published - 2011 |
MoE publication type | A4 Article in a conference publication |
Event | 7th International Wireless Communications and Mobile Computing Conference, IWCMC 2011 - Istanbul, Turkey Duration: 12 Aug 2011 → … |
Conference
Conference | 7th International Wireless Communications and Mobile Computing Conference, IWCMC 2011 |
---|---|
Abbreviated title | IWCMC 2011 |
Country/Territory | Turkey |
City | Istanbul |
Period | 12/08/11 → … |