
Probabilistic Protocol Identification for Hard to Classify Protocol

With the growing use of protocol obfuscation techniques, protocol identification for QoS enforcement, traffic prohibition, and intrusion detection has become a complex task. This paper addresses this issue with a probabilistic identification analysis that combines multiple advanced identification techniques and returns an ordered list of probable protocols. It combines a payload analysis with a classifier based on several discriminators, including packet entropy and size. We show with its implementation that it overcomes the limitations of traditional port-based protocol identification when dealing with hard-to-classify protocols such as peer-to-peer protocols. We also detail how it deals with tunneled sessions and covert channels.
2nd International Workshop on Information Security Theory and Practices 2008
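
To make the idea of an entropy-and-size classifier that returns an ordered list concrete, here is a small added example. It is not the paper's implementation: the per-protocol profiles, the Gaussian scoring, and the sample payloads are all assumptions constructed for illustration. Note that the ranking never looks at the port number.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(payload: bytes) -> float:
    """Byte-level Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not payload:
        return 0.0
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())

# Constructed per-protocol profiles: (mean, std dev) per discriminator.
# Illustrative values only, not measurements from the paper.
PROFILES = {
    "http":      {"entropy": (4.8, 0.6), "size": (400.0, 250.0)},
    "dns":       {"entropy": (4.0, 0.7), "size": (60.0, 30.0)},
    "encrypted": {"entropy": (7.6, 0.4), "size": (900.0, 450.0)},
}

def _log_gauss(x: float, mean: float, std: float) -> float:
    return -0.5 * ((x - mean) / std) ** 2 - math.log(std * math.sqrt(2 * math.pi))

def rank_protocols(payloads):
    """Return [(protocol, probability), ...], most probable first."""
    if not payloads:
        raise ValueError("need at least one payload")
    scores = {}
    for proto, prof in PROFILES.items():
        scores[proto] = sum(
            _log_gauss(shannon_entropy(p), *prof["entropy"])
            + _log_gauss(len(p), *prof["size"])
            for p in payloads
        )
    top = max(scores.values())  # subtract the max before exp() to avoid underflow
    weights = {k: math.exp(v - top) for k, v in scores.items()}
    total = sum(weights.values())
    return sorted(((k, w / total) for k, w in weights.items()), key=lambda kv: -kv[1])

# Constructed sample payloads (not captured traffic).
HTTP_SAMPLE = (b"GET /downloads/report.pdf HTTP/1.1\r\nHost: www.example.test\r\n"
               b"User-Agent: Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/115.0\r\n"
               b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9\r\n"
               b"Accept-Language: en-US,en;q=0.5\r\nConnection: keep-alive\r\n\r\n")
# 1024 pseudo-random bytes standing in for an encrypted or obfuscated payload.
HIGH_ENTROPY_SAMPLE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))

if __name__ == "__main__":
    for name, sample in (("http-like", HTTP_SAMPLE), ("high-entropy", HIGH_ENTROPY_SAMPLE)):
        print(name, [(p, round(pr, 4)) for p, pr in rank_protocols([sample])])
```

A high-entropy payload seen on a port normally used for HTTP would still rank "encrypted" first here, which is the kind of mismatch a port-based identifier cannot surface.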

Elie Bursztein © 2017