- Title:
- Tunneling Activities Detection Using Machine Learning Techniques
- Authors:
-
Allard, F.
Dubois, R.
Gompel, P.
Morel, M.
- Links:
- https://bibliotekanauki.pl/articles/309515.pdf
- Publication date:
- 2011
- Publisher:
- Instytut Łączności - Państwowy Instytut Badawczy
- Subjects:
-
cyberdefense
network security
decision trees
hidden Markov models
HTTPS tunnel
RandomForest
- Description:
- Establishing a tunnel, such as an HTTPS tunnel or a related one, between a computer protected by a security gateway and a remote server located outside the protected network is the most effective way to bypass the network security policy. Indeed, a permitted protocol can be used to carry a forbidden one all the way to the remote server. Therefore, if the resulting information flow is encrypted, standard security tools such as application level gateways (ALG), firewalls, and intrusion detection systems (IDS) do not detect this violation. In this paper, we describe a statistical analysis of encrypted flows that allows detection of the carried inner protocol. Depending on the deployed security policy, this technology could be added to security tools to detect the use of forbidden protocols. In the defence domain, this technology could help prevent information leaks through side channels. At the end of this article, we present a tunnel detection tool architecture and the results obtained with our approach on a public database containing real data flows.
- Source:
-
Journal of Telecommunications and Information Technology; 2011, 1; 37-42
1509-4553
1899-8852
- Appears in:
- Journal of Telecommunications and Information Technology
- Content provider:
- Biblioteka Nauki