Several security applications rely on monitoring network traffic, which is increasingly becoming encrypted. In this work, we propose a pattern language to describe packet trains for the purpose of fine-grained identification of application-level events in encrypted network traffic, and demonstrate its expressiveness with case studies for distinguishing Messaging, Voice, and Video events in Facebook, Skype, Viber, and WhatsApp network traffic. We provide an efficient implementation of this language, and evaluate its performance by integrating it into our proprietary DPI system. Finally, we demonstrate that the proposed pattern language can be mined from traffic samples automatically, minimizing the otherwise high ruleset maintenance burden.
CITATION STYLE
Papadogiannaki, E., Halevidis, C., Akritidis, P., & Koromilas, L. (2018). OTTer: A scalable high-resolution encrypted traffic identification engine. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11050 LNCS, pp. 315–334). Springer Verlag. https://doi.org/10.1007/978-3-030-00470-5_15
Mendeley helps you to discover research relevant for your work.