Entropy Estimation for Real-Time Encrypted Traffic Identification
Paper i proceeding, 2011

This paper describes a novel approach to classify network traffic into encrypted and unencrypted traffic. The classifier is able to operate in real-time as only the first packet of each flow is processed. The main metric used for classification is an estimation of the entropy of the first packet payload. The approach is evaluated based on encrypted ground truth traces and on real network traces. Encrypted traffic such as Skype, or encrypted eDonkey traffic are detected as encrypted with probability higher than 94%. Unencrypted protocols such as SMTP, HTTP, POP3 or FTP are detected as unencrypted with probability higher than 99.9%. The presented approach, named real-time encrypted traffic detector (RT-ETD), is well suited to operate as pre-filter for advanced classification approaches to enable their applicability on increased bandwidth.

entropy estimation

real-time detection

traffic filtering

Författare

Peter Dorfinger

Salzburg Research Forschungsgesellschaft mbH

Georg Panholzer

Salzburg Research Forschungsgesellschaft mbH

Wolfgang John

Chalmers, Data- och informationsteknik, Nätverk och system

Lecture Notes in Computer Science

0302-9743 (ISSN)

Vol. 6613 164-171

Ämneskategorier

Datorteknik

Telekommunikation

Styrkeområden

Informations- och kommunikationsteknik

DOI

10.1007/978-3-642-20305-3_14

ISBN

978-3-642-20304-6

Mer information

Skapat

2017-10-07