Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ICC
2008
IEEE
2008
IEEE
Detection of Encrypted Tunnels Across Network Boundaries
— The use of covert application-layer tunnels to bypass security gateways has become quite popular in recent years. By encapsulating blocked or controlled protocols such as peerto-peer, chat and e-mail into others allowed by the security policies, such as HTTP, SSH or even DNS, both legitimate and malicious users can effectively neutralize many security restrictions enforced at the network edge. Traditional firewalling techniques, based on Application Layer Gateways and even pattern-matching mechanisms are becoming practically useless as tunneling tools grow more sophisticated. In this paper we propose an effective solution to this problem based on a statistical traffic classification technique. Our mechanism relies on the creation of a statistical fingerprint of legitimate usage of a given protocol, such as regular remote interactive logins or secure copying activities. Such fingerprint can then be used to detect with high accuracy non-legitimate sessions, i.e., sessions that t...
Real-time TrafficApplication Layer | Application Layer Gateways | Communications | Covert Application-layer Tunnels | ICC 2008 |
Related Content
| Added | 30 May 2010 |
| Updated | 30 May 2010 |
| Type | Conference |
| Year | 2008 |
| Where | ICC |
| Authors | Maurizio Dusi, Manuel Crotti, Francesco Gringoli, Luca Salgarelli |
Comments (0)
Researcher Info
|
