Title:

Tunneling Activities Detection Using Machine Learning Techniques, Journal of Telecommunications and Information Technology, 2011, no. 1

Creator:

Dubois, Renaud ; Morel, Mathieu ; Allard, Fabien ; Gompel, Paul

Subject and Keywords:

network security ; cyberdefense ; hidden Markov models ; RandomForest ; decision trees ; HTTPS tunnel

Description:

Tunnel establishment, such as an HTTPS tunnel or related ones, between a computer protected by a security gateway and a remote server located outside the protected network is the most effective way to bypass the network security policy. Indeed, a permitted protocol can be used to embed a forbidden one all the way to the remote server. Therefore, if the resulting information flow is ciphered, standard security tools such as application level gateways (ALG), firewalls, and intrusion detection systems (IDS) do not detect this violation. In this paper, we describe a statistical analysis of ciphered flows that allows detection of the carried inner protocol. Depending on the deployed security policy, this technology could be added to security tools to detect usage of forbidden protocols. In the defence domain, this technology could help prevent information leaks through side channels. At the end of this article, we present a tunnel detection tool architecture and the results obtained with our approach on a public database containing real data flows.

Publisher:

Instytut Łączności - Państwowy Instytut Badawczy, Warszawa

Date:

2011, no. 1

Resource Type:

article

Format:

application/pdf

Resource Identifier:

ISSN 1509-4553, on-line: ISSN 1899-8852

DOI:

10.26636/jtit.2011.1.1132

ISSN:

1509-4553

eISSN:

1899-8852

Source:

Journal of Telecommunications and Information Technology

Language:

English

Rights Management:

Biblioteka Naukowa Instytutu Łączności
