Protocol Identification of Encrypted Network Traffic

Hong Kong, China December 18-December 22

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/WI.2006.139

2006 IEEE/WIC/ACM International Confe ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Matthew Gebski Articles by Alex Penev Articles by Raymond K. Wong

	ASCII Text	x
	Matthew Gebski, Alex Penev, Raymond K. Wong, "Protocol Identification of Encrypted Network Traffic," Web Intelligence, IEEE / WIC / ACM International Conference on, pp. 957-960, 2006 IEEE/WIC/ACM International Conference on Web Intelligence (WI'06), 2006.

	BibTex	x
	@article{ 10.1109/WI.2006.139, author = {Matthew Gebski and Alex Penev and Raymond K. Wong}, title = {Protocol Identification of Encrypted Network Traffic}, journal ={Web Intelligence, IEEE / WIC / ACM International Conference on}, volume = {0}, year = {2006}, isbn = {0-7695-2747-7}, pages = {957-960}, doi = {http://doi.ieeecomputersociety.org/10.1109/WI.2006.139}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Web Intelligence, IEEE / WIC / ACM International Conference on TI - Protocol Identification of Encrypted Network Traffic SN - 0-7695-2747-7 SP957 EP960 A1 - Matthew Gebski, A1 - Alex Penev, A1 - Raymond K. Wong, PY - 2006 KW - null VL - 0 JA - Web Intelligence, IEEE / WIC / ACM International Conference on ER -

Matthew Gebski, National ICT, Australia; University of New South Wales, Australia

Alex Penev, National ICT, Australia; University of New South Wales, Australia

Raymond K. Wong, National ICT, Australia; University of New South Wales, Australia

New means of communication are constantly emerg- ing, some of which may constitute resource mis- use of an organisation?s network system. Identify- ing the protocols used is straight-forward when in- specting network logs, but we focus on the problem of identifying the underlying protocol present in an unknown TCP connection. Actions are difficult to detect if the underlying protocol is encrypted and tunneled through a proxy server or SSH. We use a graph-comparison approach to build profiles of sev- eral protocols, and attempt to classify an unknown, encrypted protocol against these profiles using only the visible behaviour of the protocol being tunneled-- the size, timing and direction of packets.

Citation:

Matthew Gebski, Alex Penev, Raymond K. Wong, "Protocol Identification of Encrypted Network Traffic," wi, pp.957-960, 2006 IEEE/WIC/ACM International Conference on Web Intelligence (WI'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.