Internet Archive Scholar

Generalization of signatures for SSH encrypted traffic identification

Riyad Alshammari, Nur Zincir-Heywood
2009 2009 IEEE Symposium on Computational Intelligence in Cyber Security  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (2.9 MB)
https://web.archive.org/web/20110401191209/http://web.cs.dal.ca/~zincir/bildiri/cics09-rn.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2011; you can also visit the original URL. The file type is application/pdf.

The objective of this work is to discover generalized signatures for identifying encrypted traffic where SSH is taken as an example application. What we mean by generalized signatures is that the signatures learned by training on one network are still valid when they are applied to traffic coming from a totally different network. We identified 13 signatures and 14 flow attributes for SSH traffic classification where IP addresses, source/destination ports and payload information are not
more » ... The signatures are able to identify encrypted traffic with high detection rate and low false positive rate. We can achieve up to 97% DR and 0.8% FPR for identifying SSH traffic.
doi:10.1109/cicybs.2009.4925105 dblp:conf/cics/AlshammariZ09 fatcat:6phfovkryffmjguttpljq7eepu
Citation

Riyad Alshammari, Nur Zincir-Heywood. "Generalization of signatures for SSH encrypted traffic identification." 2009 IEEE Symposium on Computational Intelligence in Cyber Security (2009) 167-174