A Statistical Framework for Identification of Tunnelled Applications using Machine Learning

IAJIT
Archive
- Volume 20, 2023
  
  January 2023, No.1
  
  March 2023, No.2
- Volume 19, 2022
  
  January 2022, No.1
  
  March 2022, No.2
  
  May 2022, No. 3
  
  Special Issue 2022, No. 3A
  
  July 2022, No. 4
  
  September 2022, No. 5
  
  November 2022, No. 6
- Volume 18, 2021
  
  January 2021, No.1
  
  March 2021, No.2
  
  May 2021, No. 3
  
  Special Issue 2021, No. 3A
  
  July 2021, No. 4
  
  September 2021, No. 5
  
  November 2021, No. 6
- Volume 17, 2020
  
  January 2020, No.1
  
  March 2020, No. 2
  
  May 2020, No. 3
  
  July 2020, No. 4
  
  Special Issue 2020, No. 4A
  
  September 2020, No. 5
  
  November 2020, No. 6
- Volume 16, 2019
  
  January 2019, No.1
  
  March 2019, No. 2
  
  May 2019, No. 3
  
  Special Issue 2019, No. 3A
  
  July 2019, No. 4
  
  September 2019, No. 5
  
  November 2019, No. 6
- Volume 15, 2018
  
  January 2018, No.1
  
  March 2018, No. 2
  
  May 2018, No. 3
  
  Special Issue 2018, No. 3A
  
  July 2018, No. 4
  
  September 2018, No. 5
  
  November 2018, No. 6
- Volume 14, 2017
  
  January 2017, No.1
  
  March 2017, No. 2
  
  May 2017, No. 3
  
  July 2017, No. 4
  
  pecial Issue 2017, No. 4A
  
  September 2017, No 5
  
  November 2017, No. 6
- Volume 13, 2016
  
  January 2016. No.1
  
  March 2016, No. 2
  
  May 2016, No. 3
  
  July 2016, No.4
  
  September 2016, No.5
  
  November 2016, No.6
- Volume 12, 2015
  
  January 2015. No.1
  
  March 2015. No.2
  
  May 2015. No.3
  
  July 2015. No.4
  
  September 2015. No. 5
  
  November 2015. No. 6
  
  December 2015. No. 6A
- Volume 11, 2014
  
  January 2014, No.1
  
  March 2014, No.2
  
  May 2014, No.3
  
  July 2014, No.4
  
  November 2014, No.6
- Volume 10, 2013
  
  January 2013, No. 1
  
  March 2013, No.2
  
  May 2013, No. 3
  
  July 2013, No. 4
  
  November 2013, No. 6
- Volume 9, 2012
  
  January 2012, No. 1
  
  March 2012, No. 2
  
  May 2012, No. 3
  
  July 2012, No. 4
  
  September 2012, No. 5
  
  November 2012, No. 6
- Volume 8, 2011
  
  January 2011, No 1
  
  April 2011, No. 2
  
  July 2011, No. 3
  
  October 2011, No.4
- Volume 7, 2010
  
  October 2010, No. 4
  
  July 2010, No. 3
  
  April 2010, No. 2
  
  January 2010, No. 1
- Volume 6, 2009
  
  January 2009, No. 1
  
  April 2009, No. 2
  
  July 2009, No. 3
  
  October 2009, No. 4
  
  November 2009, No. 5
- Volume 5, 2008
  
  January 2008, No. 1
  
  April 2008, No.2
  
  July 2008, No. 3
  
  October 2008, No. 4
- Volume 4, 2007
  
  January 2007, No. 1
  
  April 2007, No. 2
  
  July 2007, No.3
  
  October 2007, No. 4
- Volume 3, 2006
  
  January 2006, No. 1
  
  April 2006, No. 2
  
  July 2006, No. 3
  
  October 2006, No. 4
- Volume 2, 2005
  
  January 2005, No. 1
  
  April 2005, No. 2
  
  July 2005, No. 3
  
  October 2005, No. 4
- Volume 1, 2003-2004
  
  July 2004, No. 2
  
  January 2004, No. 1
  
  July 2003, No. 0
About IAJIT
About CCIS
IAJIT Impact Factor

A Statistical Framework for Identification of Tunnelled Applications using Machine Learning

Written by Super User
Update: 29/09/2015

font size decrease font size increase font size
Print
Email
Rate this item
- 1
- 2
- 3
- 4
- 5
(0 votes)

A Statistical Framework for Identification of Tunnelled Applications using Machine Learning

Ghulam Mujtaba1 and David Parish2

1Department of Electrical Engineering, Comsats Institute of Information Technology, Pakistan

2School of Electronic and Engineering, Loughborough University, UK

Abstract: This work describes a statistical approach to detect applications which are running inside application layer tunnels. Application layer tunnels are a significant threat for network abuse and violation of acceptable internet usage policy of an organisation. In tunnelling, the prohibited application packets are encapsulated as payload of an allowed protocol packet. It is much difficult to identify tunnelling using conventional methods in the case of encrypted HTTPS tunnels, for example. Hence, machine learning based approach is presented in this work in which statistical packet stream features are used to identify the application inside a tunnel. Packet Size Distribution (PSD) in the form of discrete bins is an important feature which is shown to be indicative of the respective application. This work presents a combination of other features with the PSD bins for better identification of the applications. Tunnelled applications are identifiable using these traffic statistical parameters. A comparison of the performance accuracy of five machine learning algorithms for application detection using this feature set is also given.

Keywords: Network security, tunnelled applications, firewalls, HTTP tunnels, HTTPS tunnels.

Received May 22, 2013; Accepted May 17, 2015

Full Text

Read 1540 times Last modified on Sunday, 19 August 2018 06:07

Published in Vol 12, No.6A, December 2015(Special Issue) ( Vol 12, No.6A, December 2015 )

Share

Super User

Latest from Super User

More in this category: « A Measurement of Similarity to Identify Identical Code Clones Utilizing Corpus Statistics for Hindi Word Sense Disambiguation »