Early Recognition of Encrypted Applications - Archive ouverte HAL Accéder directement au contenu
Communication Dans Un Congrès Année : 2007

Early Recognition of Encrypted Applications

Résumé

Most tools to recognize the application associated with network con-nections use well-known signatures as basis for their classification. This approach is very effective in enterprise and campus networks to pinpoint forbidden appli-cations (peer to peer, for instance) or security threats. However, it is easy to use encryption to evade these mechanisms. In particular, Secure Sockets Layer (SSL) libraries such as OpenSSL are widely available and can easily be used to encrypt any type of traffic. In this paper, we propose a method to detect applications in SSL encrypted connections. Our method uses only the size of the first few packets of an SSL connection to recognize the application, which enables an early classi-fication. We test our method on packet traces collected on two campus networks and on manually-encrypted traces. Our results show that we are able to recognize the application in an SSL connection with more than 85% accuracy.
Fichier principal
Vignette du fichier
pam.pdf (136.51 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01097556 , version 1 (19-12-2014)

Identifiants

Citer

Laurent Bernaille, Renata Teixeira. Early Recognition of Encrypted Applications. PAM 2007 - 8th Internatinoal Conference on Passive and Active network Measurement, Apr 2007, Louvain-la-neuve, Belgium. pp.165-175, ⟨10.1007/978-3-540-71617-4_17⟩. ⟨hal-01097556⟩
131 Consultations
1114 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More