Statistical classification of services tunneled into SSH connections by a k-means based learning algorithm / Maiolini, G.; Baiocchi, Andrea; Rizzi, Antonello; Di Iollo, C. - (2010), pp. 742-746. (Paper presented at the 6th International Wireless Communications and Mobile Computing Conference, IWCMC 2010, held in Caen, France, 28 June 2010 through 2 July 2010) [10.1145/1815396.1815567].
Statistical classification of services tunneled into SSH connections by a k-means based learning algorithm
BAIOCCHI, Andrea; RIZZI, Antonello
2010
Abstract
Secure Shell (SSH) is a TCP-based protocol designed to replace Telnet and other insecure remote management tools with an authenticated, encrypted channel. Because of its versatility it is often used to tunnel other applications (e.g. HTTP, SCP) inside encrypted TCP flows. What makes identifying the use of an SSH connection challenging is that its packets are encrypted, so tools based on deep packet inspection (DPI) cannot perform the task. We approached the problem of early SSH classification with a k-means based learning algorithm, studying the statistical behaviour of IP traffic parameters such as packet length, arrival time and direction. In this paper we describe the tools and networks designed to collect SSH remote administration traffic, as well as the results obtained for its classification. In particular, our tool distinguishes remote management traffic from other SSH-tunnelled applications with accuracy up to 90.34%.
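The approach the abstract describes, as an added, self-contained example that is not the authors' tool and not code from the paper: per-flow features are taken only from the size, inter-arrival time and direction of the first packets after the SSH key exchange (the encrypted payload is never inspected), standardised, clustered with k-means, and the clusters are then mapped to ground-truth labels by majority vote to measure accuracy. The flows are constructed synthetically here (interactive remote administration versus a bulk tunnelled transfer), the feature set, the two-class setup with k = 2 and the farthest-first initialisation are assumptions of this example, and the paper's own feature engineering and results are not reproduced.

```python
"""Early classification of SSH flows by k-means over packet-level statistics.

Added example. Features use only packet length, direction and timing, the
constraint an encrypted SSH session imposes on a classifier. Flows and labels
below are constructed, not captured traffic.
"""
import math
import random

EARLY_PACKETS = 20   # packets (after key exchange) inspected per flow: "early" decision
K = 2                # clusters: remote administration vs other tunnelled traffic (assumed)


def make_flow(kind, rng):
    """Constructed flow: list of (direction, length, inter_arrival_seconds).

    'admin' mimics an interactive shell: small client keystrokes answered by
    small echoes, with human-paced pauses. 'bulk' mimics a tunnelled transfer
    (HTTP over port forwarding, scp): MTU-sized server packets back to back
    with occasional small client packets.
    """
    pkts = []
    while len(pkts) < EARLY_PACKETS:
        if kind == "admin":
            pkts.append(("c2s", rng.randint(36, 52), rng.uniform(0.05, 0.40)))
            pkts.append(("s2c", rng.randint(36, 68), rng.uniform(0.001, 0.010)))
        else:
            pkts.append(("s2c", rng.randint(1300, 1460), rng.uniform(0.0001, 0.0020)))
            if rng.random() < 0.25:
                pkts.append(("c2s", rng.randint(52, 68), rng.uniform(0.0001, 0.0020)))
    return pkts[:EARLY_PACKETS]


def features(flow):
    """Feature vector from the early packets of one flow (no payload bytes)."""
    c2s = [length for d, length, _ in flow if d == "c2s"]
    s2c = [length for d, length, _ in flow if d == "s2c"]
    gaps = [t for _, _, t in flow]
    mean = lambda xs: sum(xs) / len(xs) if xs else 0.0
    return [
        mean(c2s),                       # mean client->server length
        mean(s2c),                       # mean server->client length
        len(c2s) / len(flow),            # share of client->server packets
        math.log10(mean(gaps) + 1e-6),   # log of mean inter-arrival time
    ]


def zscore(vectors):
    """Standardise each feature so lengths (~1000s) do not swamp ratios (~0-1)."""
    dims = len(vectors[0])
    means = [sum(v[i] for v in vectors) / len(vectors) for i in range(dims)]
    stds = [math.sqrt(sum((v[i] - means[i]) ** 2 for v in vectors) / len(vectors)) or 1.0
            for i in range(dims)]
    return [[(v[i] - means[i]) / stds[i] for i in range(dims)] for v in vectors]


def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def kmeans(points, k=K, max_iter=100):
    """Lloyd's algorithm with deterministic farthest-first initialisation.

    Returns (centroids, assignment) where assignment[i] is the cluster of points[i].
    """
    centroids = [list(points[0])]
    while len(centroids) < k:
        far = max(points, key=lambda p: min(dist2(p, c) for c in centroids))
        centroids.append(list(far))
    assign = [-1] * len(points)
    for _ in range(max_iter):
        new = [min(range(k), key=lambda j: dist2(p, centroids[j])) for p in points]
        if new == assign:
            break
        assign = new
        for j in range(k):
            members = [p for p, a in zip(points, assign) if a == j]
            if members:  # empty clusters keep their previous centroid
                centroids[j] = [sum(m[i] for m in members) / len(members)
                                for i in range(len(members[0]))]
    return centroids, assign


def cluster_to_label(assign, labels, k=K):
    """Map each cluster to the majority ground-truth label of its members,
    the step that turns unsupervised clusters into a classifier."""
    mapping = {}
    for j in range(k):
        votes = {}
        for a, lab in zip(assign, labels):
            if a == j:
                votes[lab] = votes.get(lab, 0) + 1
        mapping[j] = max(votes, key=votes.get) if votes else None
    return mapping


def run_experiment(n_per_class=50, seed=7):
    """Build the constructed dataset, cluster it, return (accuracy, cluster->label)."""
    rng = random.Random(seed)
    flows, labels = [], []
    for kind in ("admin", "bulk"):
        for _ in range(n_per_class):
            flows.append(make_flow(kind, rng))
            labels.append(kind)
    order = list(range(len(flows)))
    rng.shuffle(order)
    flows = [flows[i] for i in order]
    labels = [labels[i] for i in order]
    X = zscore([features(f) for f in flows])
    _, assign = kmeans(X)
    mapping = cluster_to_label(assign, labels)
    predicted = [mapping[a] for a in assign]
    accuracy = sum(p == l for p, l in zip(predicted, labels)) / len(labels)
    return accuracy, mapping


if __name__ == "__main__":
    acc, mapping = run_experiment()
    print(f"accuracy={acc:.4f} cluster->label={mapping}")
```

On real captures the two behaviours overlap far more than these constructed flows do (an idle interactive session and a stalled transfer look alike in the first packets), which is why the paper reports accuracy rather than perfect separation; the standardisation step matters because raw packet lengths would otherwise dominate the Euclidean distance k-means uses.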