Abstract—In recent years, malware with strong concealment uses encrypted protocol to evade detection. Thus, encrypted traffic identification can help security analysts to be more effective in narrowing down those encrypted network traffic. Existing methods are protocol-independent, such as statistical-based and machine-learning-based approaches. Statistical-based approaches,however, are confined to payload length and machine learning-based approaches have a low recognition rate for encrypted traffic using undisclosed protocols. In this paper, we proposed a Heuristic Statistical Testing (HST) approach that combines both statistics and machine learning and has been proved to alleviate their respective deficiencies. We manually selected four randomness tests to extract small payload features for machine learning to improve real-time performances. We also proposed a simple handshake skipping method called HSTRto increase the classification accuracy. We compared our approach with other identification approaches on a testing data set consisting of traffic that uses two known, two undisclosed and one custom cryptographic protocols. Experimental results showed that HST-R performs better than other traditional coding-based,entropy-based and ML-based approaches. We also showed our handshake skipping method could generalize better for unknown cryptographic protocols. Finally, we also conducted experimental comparisons among different classification algorithms. The results showed that C4.5, with our method, has the highest identification accuracy for SSL and SSH traffic.
To View the Abstract Contents
Now it is Your Time to Shine.
Great careers Start Here.
We Guide you to Every Step
Success! You're Awesome
Thank you for filling out your information!
We’ve sent you an email with your Final Year Project PPT file download link at the email address you provided. Please enjoy, and let us know if there’s anything else we can help you with.
To know more details Call 900 31 31 555
The WISEN Team