Sciweavers

PAM
2007
Springer

Early Recognition of Encrypted Applications

14 years 5 months ago
Early Recognition of Encrypted Applications
Abstract. Most tools to recognize the application associated with network connections use well-known signatures as basis for their classification. This approach is very effective in enterprise and campus networks to pinpoint forbidden applications (peer to peer, for instance) or security threats. However, it is easy to use encryption to evade these mechanisms. In particular, Secure Sockets Layer (SSL) libraries such as OpenSSL are widely available and can easily be used to encrypt any type of traffic. In this paper, we propose a method to detect applications in SSL encrypted connections. Our method uses only the size of the first few packets of an SSL connection to recognize the application, which enables an early classification. We test our method on packet traces collected on two campus networks and on manually-encrypted traces. Our results show that we are able to recognize the application in an SSL connection with more than 85% accuracy.
Laurent Bernaille, Renata Teixeira
Added 09 Jun 2010
Updated 09 Jun 2010
Type Conference
Year 2007
Where PAM
Authors Laurent Bernaille, Renata Teixeira
Comments (0)