Detecting Policy Violations through Traffic Analysis

Miami Beach, Florida, USA December 11-December 15

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.24

22nd Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Jeffrey Horton Articles by Rei Safavi-Naini

	ASCII Text	x
	Jeffrey Horton, Rei Safavi-Naini, "Detecting Policy Violations through Traffic Analysis," Computer Security Applications Conference, Annual, pp. 109-120, 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006.

	BibTex	x
	@article{ 10.1109/ACSAC.2006.24, author = {Jeffrey Horton and Rei Safavi-Naini}, title = {Detecting Policy Violations through Traffic Analysis}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2006}, issn = {1063-9527}, pages = {109-120}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.24}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Detecting Policy Violations through Traffic Analysis SN - 1063-9527 SP109 EP120 A1 - Jeffrey Horton, A1 - Rei Safavi-Naini, PY - 2006 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Jeffrey Horton, University of Wollongong, Australia

Rei Safavi-Naini, University of Wollongong, Australia

Restrictions are commonly placed on the permitted uses of network protocols in the interests of security. These restrictions can sometimes be difficult to enforce. As an example, a permitted protocol can be used as a carrier for another protocol not otherwise permitted. However, if the observable behaviour of the protocol exhibits differences between permitted and non-permitted uses, it is possible to detect inappropriate use.

We consider SSH, the Secure Shell protocol. This is an encrypted protocol with several uses. We attempt firstly to classify SSH sessions according to some different types of traffic for which the sessions have been used, and secondly, given a policy that permits SSH use for interactive traffic, to identify when a session appears to have been used for some other purpose.

Citation:

Jeffrey Horton, Rei Safavi-Naini, "Detecting Policy Violations through Traffic Analysis," acsac, pp.109-120, 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.