Skip to Main content Skip to Navigation
Conference papers

Early Recognition of Encrypted Applications

Laurent Bernaille 1 Renata Teixeira 1
1 NPA - Networks and Performance Analysis
LIP6 - Laboratoire d'Informatique de Paris 6
Abstract : Most tools to recognize the application associated with network con-nections use well-known signatures as basis for their classification. This approach is very effective in enterprise and campus networks to pinpoint forbidden appli-cations (peer to peer, for instance) or security threats. However, it is easy to use encryption to evade these mechanisms. In particular, Secure Sockets Layer (SSL) libraries such as OpenSSL are widely available and can easily be used to encrypt any type of traffic. In this paper, we propose a method to detect applications in SSL encrypted connections. Our method uses only the size of the first few packets of an SSL connection to recognize the application, which enables an early classi-fication. We test our method on packet traces collected on two campus networks and on manually-encrypted traces. Our results show that we are able to recognize the application in an SSL connection with more than 85% accuracy.
Document type :
Conference papers
Complete list of metadata

Cited literature [13 references]  Display  Hide  Download

https://hal.inria.fr/hal-01097556
Contributor : Renata Teixeira <>
Submitted on : Friday, December 19, 2014 - 6:57:05 PM
Last modification on : Friday, January 8, 2021 - 5:38:04 PM
Long-term archiving on: : Monday, March 23, 2015 - 6:41:06 PM

File

pam.pdf
Files produced by the author(s)

Identifiers

Citation

Laurent Bernaille, Renata Teixeira. Early Recognition of Encrypted Applications. PAM 2007 - 8th Internatinoal Conference on Passive and Active network Measurement, Apr 2007, Louvain-la-neuve, Belgium. pp.165-175, ⟨10.1007/978-3-540-71617-4_17⟩. ⟨hal-01097556⟩

Share

Metrics

Record views

271

Files downloads

926