• Corpus ID: 14288789

A statistical framework for identification of tunnelled applications using machine learning

  title={A statistical framework for identification of tunnelled applications using machine learning},
  author={Ghulam Mujtaba and David J. Parish},
  journal={Int. Arab J. Inf. Technol.},
This work describes a statistical approach to detect applications which are running inside application layer tunnels. Application layer tunnels are a significant threat for network abuse and violation of acceptable internet usage policy of an organisation. In tunnelling, the prohibited application packets are encapsulated as payload of an allowed protocol packet. It is much difficult to identify tunnelling using conventional methods in the case of encrypted HTTPS tunnels, for example. Hence… 

Figures and Tables from this paper

Application Behavior Identification in DNS Tunnels Based on Spatial-Temporal Information

This study investigates the spatial-temporal information from the raw packets to identify the internal application behaviors in DNS tunnels using a machine-learning algorithm to achieve higher identification accuracy with a much lower packet consuming rate when compared with the state-of-the-art internal protocol identification scheme.



Detection of applications within encrypted tunnels using packet size distributions

  • G. MujtabaD. Parish
  • Computer Science
    2009 International Conference for Internet Technology and Secured Transactions, (ICITST)
  • 2009
This work describes a statistical approach to detect applications which are running using encrypted tunnels and shows that tunneled applications can be detected using packet size distribution in encrypted tunnels.

Using packet size distributions to identify real-time networked applications

The paper considers an alternative approach to the detection of real-time applications by searching for a statistical fingerprint derivable from the observable traffic streams generated by such applications, and finding the packet size distribution of the application is found.

Detection of Encrypted Tunnels Across Network Boundaries

This paper proposes an effective solution to the problem of firewalling based on a statistical traffic classification technique that relies on the creation of a statistical fingerprint of legitimate usage of a given protocol, such as regular remote interactive logins or secure copying activities, which can be used to detect non-legitimate sessions.

Performance of OpenDPI in Identifying Sampled Network Traffic

This paper addresses the sensitivity of OpenDPI, one of the most powerful freely available DPI systems, with sampled network traffic, and some conclusions are drawn to show how far DPI methods could be optimised through traffic sampling.

A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification

The performance impact of feature set reduction, using Consistency-based and Correlation-based feature selection, is demonstrated on Na naïve Bayes, C4.5, Bayesian Network and Naïve Bayes Tree algorithms.

P2P Streaming Traffic Detection in Encrypted Tunnel

The proposed solution finds the heartbeat signature by using the plain-text P2P streaming traffic and detects the traffic in the encrypted tunnel based on the heartbeat signatures of the traffic.

Detecting HTTP Tunneling Activities

A novel intrusion detection system which makes use of behavior proflles to identify HyperText Transfer Protocol (HTTP) tunneling activities and shows the efiectiveness of the system and the validity of using packet features for anomaly detection.

Web tap: detecting covert web traffic

The design of Web Tap is presented, results from its evaluation, as well as potential limits to Web Tap's capabilities are presented.

Discriminators for use in flow-based classification

This document describes sets of data intended to aid in the assessment of classification work; each data set consists a number of objects, and each object is described by a group of features (also referred to as discriminators).