Tunneling Activities Detection Using Machine Learning Techniques

Abstract

Establishing a tunnel, such as an HTTPS tunnel or a related one, between a computer protected by a security gateway and a remote server located outside the protected network is the most effective way to bypass the network security policy. Indeed, a permitted protocol can be used to embed a forbidden one all the way to the remote server. If the resulting information flow is encrypted, standard security tools such as application-level gateways (ALGs), firewalls and intrusion detection systems (IDSs) therefore do not detect this violation. In this paper, we describe a statistical analysis of encrypted flows that allows the carried inner protocol to be detected. Depending on the deployed security policy, this technique could be added to security tools to detect the use of forbidden protocols. In the defence domain, it could help prevent information leaks through side channels. At the end of this article, we present a tunnel detection tool architecture and the results obtained with our approach on a public database containing real data flows.

Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2010
Accession Number
ADA546465

Entities

People

  • Fabien Allard
  • Mathieu Morel
  • Paul Gompel
  • Renaud Dubois

Tags

Communities of Interest

  • Autonomy
  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Abstracts
  • Algorithms
  • Computations
  • Computing System Architectures
  • Databases
  • Detection
  • Information Science
  • Information Systems
  • Internet
  • Learning
  • Machine Learning
  • Quantum Tunneling
  • Standards
  • Statistical Analysis
  • Supervised Machine Learning
  • Tunneling
  • Tunnels

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Database Systems and Applications

Technology Areas

  • AI & ML
  • Cyber