On-line Detection of Encrypted Traffic Generated by Mesh-Based Peer-to-Peer Live Streaming Applications: The Case of GoalBit

2011 IEEE 10th International Symposium on Network Computing and Applications Pub Date : 2011-08-25 DOI:10.1109/NCA.2011.38

André F. Esteves, Pedro R. M. Inácio, Manuela Pereira, M. Freire

{"title":"On-line Detection of Encrypted Traffic Generated by Mesh-Based Peer-to-Peer Live Streaming Applications: The Case of GoalBit","authors":"André F. Esteves, Pedro R. M. Inácio, Manuela Pereira, M. Freire","doi":"10.1109/NCA.2011.38","DOIUrl":null,"url":null,"abstract":"The number and popularity of applications developed over the Peer-to-Peer (P2P) network paradigm has been growing over the last decade, some of which are dedicated to streaming multimedia content. To deceive traffic shaping mechanisms or improve the security of the communications, these applications generate encrypted traffic or resort to several obfuscation techniques, making it difficult to manage this kind of traffic at the network level. In this work, we propose a method that explores transmission vulnerabilities of the encrypted traffic allowing its detection. Hence, an experimental test bed was created to capture a diversity of traffic, which includes flows of a widely used P2P media streaming application called Goal Bit. The collected traces of traffic were then analysed, and a set of rules was created for the SNORT network intrusion detection system, which allows the successful detection of the encrypted traffic generated by Goal Bit. The accuracy of this system was then validated experimentally.","PeriodicalId":258309,"journal":{"name":"2011 IEEE 10th International Symposium on Network Computing and Applications","volume":"88 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE 10th International Symposium on Network Computing and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NCA.2011.38","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

The number and popularity of applications developed over the Peer-to-Peer (P2P) network paradigm has been growing over the last decade, some of which are dedicated to streaming multimedia content. To deceive traffic shaping mechanisms or improve the security of the communications, these applications generate encrypted traffic or resort to several obfuscation techniques, making it difficult to manage this kind of traffic at the network level. In this work, we propose a method that explores transmission vulnerabilities of the encrypted traffic allowing its detection. Hence, an experimental test bed was created to capture a diversity of traffic, which includes flows of a widely used P2P media streaming application called Goal Bit. The collected traces of traffic were then analysed, and a set of rules was created for the SNORT network intrusion detection system, which allows the successful detection of the encrypted traffic generated by Goal Bit. The accuracy of this system was then validated experimentally.

查看原文本刊更多论文

基于网格的点对点直播应用生成的加密流量在线检测:以GoalBit为例

在过去十年中，基于点对点(P2P)网络范例开发的应用程序的数量和受欢迎程度一直在增长，其中一些应用程序专门用于流媒体多媒体内容。为了欺骗流量整形机制或提高通信的安全性，这些应用程序生成加密的流量或采用几种混淆技术，使得在网络级别管理此类流量变得困难。在这项工作中，我们提出了一种方法来探索允许其检测的加密流量的传输漏洞。因此，创建了一个实验测试平台来捕获各种流量，其中包括广泛使用的称为Goal Bit的P2P媒体流应用程序的流量。然后对收集到的流量轨迹进行分析，并为SNORT网络入侵检测系统创建一组规则，该规则允许成功检测Goal Bit生成的加密流量。通过实验验证了该系统的准确性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 IEEE 10th International Symposium on Network Computing and Applications

自引率

0.00%

发文量