Peter Dorfinger
ABSTRACT
We propose a novel approach for real-time privacy preserving traffic filtering based on entropy estimation. The decision of the real-time classifier is based on the entropy of the payload from first packet of a flow. The aim of the classifier is to detect traffic with encrypted payload. As a proof of concept we show the applicability of our approach as a traffic filter for a Skype detection engine. Traces collected in laboratory and real-world environments show that the traffic is reduced by a reasonable amount while achieving similar or even improved detection quality.
- D. Adami, C. Callegari, S. Giordano, M. Pagano, and T. Pepe. A real-time algorithm for skype traffic detection and classification. In NEW2AN, pages 168--179, 2009. Google Scholar
Digital Library
- A. Antos and I. Kontoyiannis. Convergence properties of functional estimates for discrete distributions. Random Structures and Algorithms, 19(3/4):163--193, 2001. Google ScholarDigital Library
- D. Bonfiglio, M. Mellia, M. Meo, D. Rossi, and P. Tofanelli. Revealing skype traffic: when randomness plays with you. In SIGCOMM, pages 37--48, 2007. Google ScholarDigital Library
- D. Koukis, S. Antonatos, D. Antoniades, E. Markatos, and P. Trimintzios. A generic anonymization framework for network traffic. In Proceedings of the IEEE International Conference on Communications (ICC 2006), 2006.Google ScholarCross Ref
- J. Olivain and J. Goubault-Larrecq. Detecting subverted cryptographic protocols by entropy checking. Research Report LSV-06-13, Laboratoire Spécification et Vérification, ENS Cachan, France, June 2006.Google Scholar
- L. Paninski. Estimation of entropy and mutual information. Neural Computation, 15(6):1191--1253, 2003. Google ScholarDigital Library
- A. Pescape. Entropy-Based Reduction of Traffic Data. IEEE Communications Letters, 11(2):191, 2007.Google ScholarCross Ref
Index Terms
- Entropy-based traffic filtering to support real-time Skype detection
Recommendations
Entropy estimation for real-time encrypted traffic identification
TMA'11: Proceedings of the Third international conference on Traffic monitoring and analysisThis paper describes a novel approach to classify network traffic into encrypted and unencrypted traffic. The classifier is able to operate in real-time as only the first packet of each flow is processed. The main metric used for classification is an ...
Skype-Hunter: A real-time system for the detection and classification of Skype traffic
In the previous years, Skype has gained more and more popularity, since it is seen as the best VoIP software with good quality of sound, ease of use and one that works everywhere and with every OS. Because of its great diffusion, both the operators and ...
Real-time traffic support in heterogeneous mobile networks
Multi-hop mobile wireless networks have been proposed for a variety of applications where support for real-time multimedia services will be necessary. Support for these applications requires that the network is able to offer quality of service (QoS) ...
Comments