Real Time Identification of SSH Encrypted Application Flows by Using Cluster Analysis Techniques / Maiolini, G; Baiocchi, Andrea; Iacovazzi, A; Rizzi, Antonello. - 5550/2009 (2009), pp. 182-194. (Paper presented at the 8th International IFIP TC 6 Network Conference 2009, held in Aachen, Germany, 12-15 May 2009.) [10.1007/978-3-642-01399-7_15].
Real Time Identification of SSH Encrypted Application Flows by Using Cluster Analysis Techniques
BAIOCCHI, Andrea;IACOVAZZI A;RIZZI, Antonello
2009
Abstract
The identification of application flows is a critical task in order to manage the bandwidth requirements of different kinds of services (i.e. VOIP, Video, ERP). As network security functions spread, an increasing amount of traffic is natively encrypted due to privacy issues (e.g. VPN). This renders current traffic classification systems based on ports and payload inspection ineffective, e.g. even powerful Deep Packet Inspection is useless for classifying application flows carried inside SSH sessions. We have developed a real-time traffic classification method based on cluster analysis to identify SSH flows from the statistical behavior of IP traffic parameters, such as length, arrival times and direction of packets. In this paper we describe our approach and the relevant results obtained. We achieve a detection rate of up to 99.5 % in classifying SSH flows and an accuracy of up to 99.88 % for application flows carried within those flows, such as SCP, SFTP and HTTP over SSH. © IFIP International Federation for Information Processing 2009.

File | Size | Format | |
---|---|---|---|
Real time identification of SSH encrypted application flows by using cluster analysis techniques.pdf (archive managers only). Type: Post-print document (version following peer review and accepted for publication). License: All rights reserved | 629.95 kB | Adobe PDF | Contact the author |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.