On the identification and analysis of Skype traffic

Molnár, Sándor; Perényi, Marcell

doi:10.1002/dac.1142

Cited by 31 publications

(16 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For the problem under investigation, we resort to the simple statistics of x in order to avoid packet inspection and to guarantee quick feature building. The joint analysis of the anomalies at different timescales [14] or at different points of the system [15,16] sometimes helps improve performance. Anomaly-based detection may be more adaptive than ML as it simply looks at sudden changes of flows statistics [4,13], while providing good detection rates [12].…”

Section: Problem Formulationmentioning

confidence: 99%

DNS tunneling detection through statistical fingerprints of protocol messages and machine learning

Aiello

Mongelli

Papaleo

2014

Int J Communication

View full text Add to dashboard Cite

The use of covert-channel methods to bypass security policies has increased considerably in the recent years. Malicious users neutralize security restriction by encapsulating protocols like peer-to-peer, chat or http proxy into other allowed protocols like Domain Name Server (DNS) or HTTP. This paper illustrates a machine learning approach to detect one particular covert-channel technique: DNS tunneling.Despite packet inspection may guarantee reliable intrusion detection in this context, it may suffer of scalability performance when a large set of sockets should be monitored in real time. Detecting the presence of DNS intruders by an aggregation-based monitoring is of main interest as it avoids packet inspection, thus preserving privacy and scalability. The proposed monitoring mechanism looks at simple statistical properties of protocol messages, such as statistics of packets inter-arrival times and of packets sizes. The analysis is complicated by two drawbacks: silent intruders (generating small statistical variations of legitimate traffic) and quick statistical fingerprints generation (to obtain a detection tool really applicable in the field).Results from experiments conducted on a live network are obtained by replicating individual detections over successive samples over time and by making a global decision through a majority voting scheme. The technique overcomes traditional classifier limitations. An insightful analysis of the performance leads to discover a unique intrusion detection tool, applicable in the presence of different tunneled applications. ¶ The n s with an order of magnitude more (n s D 10 4 ) captures features with a higher measurement stability, thus allowing to reach the steady state after K=811 samples.

show abstract

Section: Problem Formulationmentioning

confidence: 99%

DNS tunneling detection through statistical fingerprints of protocol messages and machine learning

Aiello

Mongelli

Papaleo

2014

Int J Communication

View full text Add to dashboard Cite

show abstract

“…Literature [3]- [5] research how to identify Skype traffic. However, these studies were only for audio calls, and not apply to video call traffic identification.…”

Section: Related Workmentioning

confidence: 99%

Video Call Traffic Identification based on Bayesian Model

Ying¹,

Huang²,

Wang³

et al. 2013

Proceedings of the 2nd International Conference on Systems Engineering and Modeling

View full text Add to dashboard Cite

Abstract. This paper proposes Bayesian statistical method to identify the video traffic by the symmetrical features and coding statistical characteristics of video calls. According to the problem of high computational complexity of the non-parametric probability density estimate method in the condition of large samples, we propose grid probability density estimation method of gird division to reduce the computational complexity. We present identification results. The experimental results indicate that that this method can effectively detect video call traffic.

show abstract

“…A variety of techniques have been used; perhaps the most thorough approach is that of Molnár [11] which makes use of observed signaling traffic on a range of ports, timing characteristics of UDP keepalive messages, and a range of call connection properties (bandwidth, packet rate, average packet size, main mode of packet inter-arrival time). …”

Section: Categorizationsmentioning

confidence: 99%

The network from above and below

Brundell

Crabtree

Mortier

et al. 2011

Proceedings of the First ACM SIGCOMM Workshop on Measurements Up the Stack

View full text Add to dashboard Cite

Recently, the HCI community has taken a strong interest in problems associated with networking. Many of those problems have also been the focus of much recent networking research, e.g., traffic identification, network management, access control. In this paper we consider these two quite different viewpoints of the problems specifically associated with home networking. Focusing on traffic identification as a core capability required by much recent HCI work, we explore the mismatch between the approaches the two communities have taken, and suggest some resulting challenges and directions for future work.

show abstract

On the identification and analysis of Skype traffic

Cited by 31 publications

References 18 publications

DNS tunneling detection through statistical fingerprints of protocol messages and machine learning

DNS tunneling detection through statistical fingerprints of protocol messages and machine learning

Video Call Traffic Identification based on Bayesian Model

The network from above and below

Contact Info

Product

Resources

About