Early Recognition of Encrypted Applications

Laurent Bernaille 1 Renata Teixeira 1
1 NPA - Networks and Performance Analysis
LIP6 - Laboratoire d'Informatique de Paris 6
Abstract : Most tools to recognize the application associated with network con-nections use well-known signatures as basis for their classification. This approach is very effective in enterprise and campus networks to pinpoint forbidden appli-cations (peer to peer, for instance) or security threats. However, it is easy to use encryption to evade these mechanisms. In particular, Secure Sockets Layer (SSL) libraries such as OpenSSL are widely available and can easily be used to encrypt any type of traffic. In this paper, we propose a method to detect applications in SSL encrypted connections. Our method uses only the size of the first few packets of an SSL connection to recognize the application, which enables an early classi-fication. We test our method on packet traces collected on two campus networks and on manually-encrypted traces. Our results show that we are able to recognize the application in an SSL connection with more than 85% accuracy.
Type de document :
Communication dans un congrès
PAM 2007 - 8th Internatinoal Conference on Passive and Active network Measurement, Apr 2007, Louvain-la-neuve, Belgium. Springer, 4427, pp.165-175, 2007, Lecture Notes in Computer Science. 〈10.1007/978-3-540-71617-4_17〉
Liste complète des métadonnées

Littérature citée [13 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01097556
Contributeur : Renata Teixeira <>
Soumis le : vendredi 19 décembre 2014 - 18:57:05
Dernière modification le : vendredi 31 août 2018 - 09:25:54
Document(s) archivé(s) le : lundi 23 mars 2015 - 18:41:06

Fichier

pam.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Laurent Bernaille, Renata Teixeira. Early Recognition of Encrypted Applications. PAM 2007 - 8th Internatinoal Conference on Passive and Active network Measurement, Apr 2007, Louvain-la-neuve, Belgium. Springer, 4427, pp.165-175, 2007, Lecture Notes in Computer Science. 〈10.1007/978-3-540-71617-4_17〉. 〈hal-01097556〉

Partager

Métriques

Consultations de la notice

135

Téléchargements de fichiers

385