Sciweavers

Share
ICC
2008
IEEE

Detection of Encrypted Tunnels Across Network Boundaries

9 years 4 months ago
Detection of Encrypted Tunnels Across Network Boundaries
— The use of covert application-layer tunnels to bypass security gateways has become quite popular in recent years. By encapsulating blocked or controlled protocols such as peerto-peer, chat and e-mail into others allowed by the security policies, such as HTTP, SSH or even DNS, both legitimate and malicious users can effectively neutralize many security restrictions enforced at the network edge. Traditional firewalling techniques, based on Application Layer Gateways and even pattern-matching mechanisms are becoming practically useless as tunneling tools grow more sophisticated. In this paper we propose an effective solution to this problem based on a statistical traffic classification technique. Our mechanism relies on the creation of a statistical fingerprint of legitimate usage of a given protocol, such as regular remote interactive logins or secure copying activities. Such fingerprint can then be used to detect with high accuracy non-legitimate sessions, i.e., sessions that t...
Maurizio Dusi, Manuel Crotti, Francesco Gringoli,
Added 30 May 2010
Updated 30 May 2010
Type Conference
Year 2008
Where ICC
Authors Maurizio Dusi, Manuel Crotti, Francesco Gringoli, Luca Salgarelli
Comments (0)
books