在UDP媒体流中检测Skype流的有效技术

2013 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS) Pub Date : 2013-12-01 DOI:10.1109/ANTS.2013.6802872

Tejmani Sinam, Irengbam Tilokchan Singh, Pradeep Lamabam, Nandarani Ngasham

{"title":"在UDP媒体流中检测Skype流的有效技术","authors":"Tejmani Sinam, Irengbam Tilokchan Singh, Pradeep Lamabam, Nandarani Ngasham","doi":"10.1109/ANTS.2013.6802872","DOIUrl":null,"url":null,"abstract":"As the use and popularity of VoIP applications grows, more and more Internet traffic are being generated by them. Many VoIP applications uses RTP to carry media traffic. Notable examples includes Gtalk, Google+ Hangouts, Asterisk based VoIP and Apple's FaceTime. On the other hand, Skype uses a proprietary protocol based on P2P architecture. It uses encryption for end to end communications and adopts obfuscation and anti reverse engineering techniques to prevent reverse engineering of the Skype protocol. This makes the detection of Skype flows a challenging task. Although Skype encrypts all communications, still a portion of Skype payload header known as Start of Message (SoM) is left unencrypted. In this paper, we develop an efficient technique for detection of Skype flows in UDP media streams. Our detection techniques relies on heuristics based on the information contained in Skype SoM and RTP headers.","PeriodicalId":286834,"journal":{"name":"2013 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"An efficient technique for detecting Skype flows in UDP media streams\",\"authors\":\"Tejmani Sinam, Irengbam Tilokchan Singh, Pradeep Lamabam, Nandarani Ngasham\",\"doi\":\"10.1109/ANTS.2013.6802872\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As the use and popularity of VoIP applications grows, more and more Internet traffic are being generated by them. Many VoIP applications uses RTP to carry media traffic. Notable examples includes Gtalk, Google+ Hangouts, Asterisk based VoIP and Apple's FaceTime. On the other hand, Skype uses a proprietary protocol based on P2P architecture. It uses encryption for end to end communications and adopts obfuscation and anti reverse engineering techniques to prevent reverse engineering of the Skype protocol. This makes the detection of Skype flows a challenging task. Although Skype encrypts all communications, still a portion of Skype payload header known as Start of Message (SoM) is left unencrypted. In this paper, we develop an efficient technique for detection of Skype flows in UDP media streams. Our detection techniques relies on heuristics based on the information contained in Skype SoM and RTP headers.\",\"PeriodicalId\":286834,\"journal\":{\"name\":\"2013 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS)\",\"volume\":\"40 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ANTS.2013.6802872\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ANTS.2013.6802872","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

摘要

随着VoIP应用程序的使用和普及，越来越多的互联网流量由它们产生。许多VoIP应用程序使用RTP传输媒体流量。值得注意的例子包括Gtalk、Google+ Hangouts、基于Asterisk的VoIP和苹果的FaceTime。另一方面，Skype使用基于P2P架构的专有协议。它采用加密实现端到端通信，并采用混淆和反逆向工程技术来防止Skype协议的逆向工程。这使得检测Skype流量成为一项具有挑战性的任务。尽管Skype加密了所有通信，但仍有一部分Skype有效载荷头(称为消息开始(SoM))未加密。在本文中，我们开发了一种有效的检测UDP媒体流中的Skype流的技术。我们的检测技术依赖于基于Skype SoM和RTP标头中包含的信息的启发式方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An efficient technique for detecting Skype flows in UDP media streams

As the use and popularity of VoIP applications grows, more and more Internet traffic are being generated by them. Many VoIP applications uses RTP to carry media traffic. Notable examples includes Gtalk, Google+ Hangouts, Asterisk based VoIP and Apple's FaceTime. On the other hand, Skype uses a proprietary protocol based on P2P architecture. It uses encryption for end to end communications and adopts obfuscation and anti reverse engineering techniques to prevent reverse engineering of the Skype protocol. This makes the detection of Skype flows a challenging task. Although Skype encrypts all communications, still a portion of Skype payload header known as Start of Message (SoM) is left unencrypted. In this paper, we develop an efficient technique for detection of Skype flows in UDP media streams. Our detection techniques relies on heuristics based on the information contained in Skype SoM and RTP headers.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS)

自引率

0.00%

发文量