By Topic

Protocol Identification of Encrypted Network Traffic

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Gebski, M. ; Nat. ICT Australia, New South Wales Univ., NSW ; Penev, A. ; Wong, R.K.

New means of communication are constantly emerging, some of which may constitute resource misuse of an organisation's network system. Identifying the protocols used is straight-forward when inspecting network logs, but we focus on the problem of identifying the underlying protocol present in an unknown TCP connection. Actions are difficult to detect if the underlying protocol is encrypted and tunneled through a proxy server or SSH. We use a graph-comparison approach to build profiles of several protocols, and attempt to classify an unknown, encrypted protocol against these profiles using only the visible behaviour of the protocol being tunneled - the size, timing and direction of packets

Published in:

Web Intelligence, 2006. WI 2006. IEEE/WIC/ACM International Conference on

Date of Conference:

18-22 Dec. 2006