Conference paper

Network forensic of partial SSL/TLS encrypted traffic classification using clustering-algorithms

Document type

Text/Conference Paper

Date

2008

Publisher

Gesellschaft für Informatik e.V.

Abstract

Machine learning tools have long been used in network traffic analysis, but their application to the network forensics domain and its specific issues has been limited thus far. We investigate the applicability of several common machine learning techniques to identify and classify partially encrypted traffic as may be encountered by forensic investigators confronted only with partial post-hoc traces. It is highly desirable to identify the types of applications and endpoints using such tunnels to facilitate further forensic investigation. In this paper, we therefore examine several clustering algorithms, namely DBSCAN (Density-Based Spatial Clustering of Applications with Noise), K-means, and EM (Expectation-Maximization), with regard to their ability to classify partially encrypted traffic using inter-arrival time and TCP length information chosen for its predictive significance. Our experiments demonstrate promising classification results.

Description

Wu, Meng-Da; Wolthusen, Stephen D. (2008): Network forensic of partial SSL/TLS encrypted traffic classification using clustering-algorithms. IMF 2008 – IT Incident Management & IT Forensics. Bonn: Gesellschaft für Informatik e.V. PISSN: 1617-5468. ISBN: 978-3-88579-234-5. pp. 157-172. Regular Research Papers. Mannheim. September 23-25, 2008
