Probabilistic protocol identification for hard to classify protocol

Conference: 2nd International Workshop on Information Security Theory and Practices
Author: Elie Bursztein
Award: Best Paper Award

Bibtex Citation

@inproceedings{BURSZTEIN2008PROBABILISTIC,
  title = {Probabilistic protocol identification for hard to classify protocol},
  author = {"Elie, Bursztein"},
  booktitle = {2nd International Workshop on Information Security Theory and Practices},
  year = {2008},
  organization = {Springer}
}

With the growing use of protocol obfuscation techniques, protocol identification for QoS enforcement, traffic prohibition, and intrusion detection has become a complex task. This paper addresses this issue with a probabilistic identification analysis that combines multiple advanced identification techniques and returns an ordered list of probable protocols. It combines a payload analysis with a classifier based on several discriminators, including packet entropy and size. We show with its implementation that it overcomes the limitations of traditional port-based protocol identification when dealing with hard-to-classify protocols such as peer-to-peer protocols. We also detail how it deals with tunneled sessions and covert channels.
