Tunnel Hunter: Detecting application-layer tunnels with statistical fingerprinting
نویسندگان
چکیده
Application-layer tunnels nowadays represent a significant security threat for any network protected by firewalls and Application Layer Gateways. The encapsulation of protocols subject to security policies such as peer-to-peer, e-mail, chat and others into protocols that are deemed as safe or necessary, such as HTTP, SSH or even DNS, can bypass any network-boundary security policy, even those based on stateful packet inspection. In this paper we propose a statistical classification mechanism that could represent an important step towards new techniques for securing network boundaries. The mechanism, called Tunnel Hunter, relies on the statistical characterization at the IP-layer of the traffic that is allowed by a given security policy, such as HTTP or SSH. The statistical profiles of the allowed usages of those protocols can then be dynamically checked against traffic flows crossing the network boundaries, identifying with great accuracy when a flow is being used to tunnel another protocol. Results from experiments conducted on a live network suggest that the technique can be very effective, even when the application-layer protocol used as a tunnel is encrypted, such as in the case of SSH.
منابع مشابه
3-D Numerical Investigation of Flow Field in Starting Stage of High Speed Wind Tunnels
High speed wind tunnels are widely used in the study of fluid flow behavior around various objects. The air flow in the starting step of supersonic wind tunnels is transient including strong shock waves caused by the interaction of the tunnel main stream and the boundary layer at walls. To arrive in running step, the tunnel must be designed so as these waves leave immediately the test section. ...
متن کاملA statistical framework for identification of tunnelled applications using machine learning
This work describes a statistical approach to detect applications which are running inside application layer tunnels. Application layer tunnels are a significant threat for network abuse and violation of acceptable internet usage policy of an organisation. In tunnelling, the prohibited application packets are encapsulated as payload of an allowed protocol packet. It is much difficult to identif...
متن کامل3-D Numerical Investigation of Flow Field in Starting Stage of High Speed Wind Tunnels
High speed wind tunnels are widely used in the study of fluid flow behavior around various objects. The air flow in the starting step of supersonic wind tunnels is transient including strong shock waves caused by the interaction of the tunnel main stream and the boundary layer at walls. To arrive in running step, the tunnel must be designed so as these waves leave immediately the test section. ...
متن کاملNumerical Investigation on Effects of Deep Excavations’ Position on Existing Metro Tunnels in Urban Areas
Nowadays deep excavations are needed for construction of foundation of high rise buildings, providing space for parking and etc. In some cases deep excavations may be constructed in the vicinity of the subway tunnels and causes unpredicted extra displacements and internal forces in tunnel lining of tunnels which were not designed for them and consequently affect serviceability of tunnel. Theref...
متن کاملUncovering identities: A study into VPN tunnel fingerprinting
Operating System fingerprinting is a reconnaissance method which can be used by attackers or forensic investigators. It identifies a system's identity by observing its responses to targeted probes, or by listening on a network and passively observing its network ‘etiquette’. The increased deployment of encrypted tunnels and Virtual Private Networks (VPNs) calls for the formulation of new finger...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Computer Networks
دوره 53 شماره
صفحات -
تاریخ انتشار 2009