Sciweavers

ACSAC
2006
IEEE

Detecting Policy Violations through Traffic Analysis

14 years 3 months ago
Detecting Policy Violations through Traffic Analysis
Restrictions are commonly placed on the permitted uses of network protocols in the interests of security. These restrictions can sometimes be difficult to enforce. As an example, a permitted protocol can be used as a carrier for another protocol not otherwise permitted. However, if the observable behaviour of the protocol exhibits differences between permitted and non-permitted uses, it is possible to detect inappropriate use. We consider SSH, the Secure Shell protocol. This is an encrypted protocol with several uses. We attempt firstly to classify SSH sessions according to some different types of traffic for which the sessions have been used, and secondly, given a policy that permits SSH use for interactive traffic, to identify when a session appears to have been used for some other purpose.
Jeffrey Horton, Reihaneh Safavi-Naini
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2006
Where ACSAC
Authors Jeffrey Horton, Reihaneh Safavi-Naini
Comments (0)