Detecting Hidden Communications Protocols

Abstract

The work funded by the grant is structured in three parts. First, we analyzed the vulnerability of current-generation anonymity tools to traffic analysis attacks, concentrating on SSH and The Onion Router (Tor); the analysis used deterministic hidden Markov models (HMMs). Second, we used traffic timing data to analyze one of the most sophisticated and widespread classes of cybercrime tools, the botnet, and presented two detection methods: HMM-based detection of centralized botnet traffic, and probabilistic context-free grammars (PCFGs) for detection of both centralized and peer-to-peer (P2P) botnet traffic. Finally, we proposed a hybrid network security scheme that combines the advantages of two widely deployed security technologies, intrusion detection systems (IDS) and honeypots. The scheduling problem for this system was modeled as an average-reward decentralized partially observable Markov decision process (DEC-POMDP) and solved with our nonlinear programming (NLP)-based solution method.
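The abstract describes timing-based detection only at a high level. The following is an added illustration, not code from the report or from Clemson University: it quantizes packet inter-arrival times into symbols, estimates a first-order Markov chain over those symbols from a training trace, and scores new traces by per-transition log-likelihood. The report itself infers deterministic HMMs, which is a more elaborate procedure; this simpler chain shows the underlying idea that timing structure, not payload, separates beaconing bot traffic from interactive traffic. All timings, the bin edges, and the two class names are constructed assumptions.

```python
"""Timing-based traffic classification with a first-order Markov model.

Added illustration (not the report's own code). Inter-arrival times are
quantized into symbols, a smoothed transition matrix is estimated per
traffic class, and unknown traces are assigned to the class under which
their transition sequence is most likely.
"""
import math
from collections import Counter, defaultdict

# Constructed inter-arrival times in seconds, not captured data.
# "beacon" models a bot polling its controller every ~30 s with jitter;
# "browse" models bursty interactive traffic with long idle gaps.
BEACON_TRAIN = [30.1, 29.9, 30.0, 30.2, 29.8, 30.0, 30.1, 29.9, 30.0, 30.0,
                30.3, 29.7, 30.0, 30.1, 29.9, 30.0]
BROWSE_TRAIN = [0.01, 0.02, 0.5, 0.01, 3.2, 0.01, 0.03, 12.0, 0.02, 0.01,
                0.7, 0.01, 0.02, 45.0, 0.01, 0.4]

# Assumed bin edges (seconds). A timing t gets symbol k where k is the
# number of edges that t meets or exceeds, so symbols run 0..len(BIN_EDGES).
BIN_EDGES = [0.05, 1.0, 10.0, 25.0, 35.0]
N_SYMBOLS = len(BIN_EDGES) + 1


def quantize(times):
    """Map each inter-arrival time to a discrete symbol."""
    symbols = []
    for t in times:
        s = 0
        while s < len(BIN_EDGES) and t >= BIN_EDGES[s]:
            s += 1
        symbols.append(s)
    return symbols


def train_markov(symbols, alpha=0.5):
    """Estimate transition probabilities P(b | a) with additive smoothing.

    Smoothing gives unseen transitions small nonzero mass, so a single
    transition never seen in training scores as very unlikely rather
    than as log(0) = -inf, which would dominate the whole trace.
    """
    counts = defaultdict(Counter)
    for a, b in zip(symbols, symbols[1:]):
        counts[a][b] += 1
    model = {}
    for a in range(N_SYMBOLS):
        total = sum(counts[a].values()) + alpha * N_SYMBOLS
        model[a] = {b: (counts[a][b] + alpha) / total for b in range(N_SYMBOLS)}
    return model


def log_likelihood(model, symbols):
    """Average per-transition log-likelihood of a symbol sequence."""
    if len(symbols) < 2:
        return float("-inf")
    ll = sum(math.log(model[a][b]) for a, b in zip(symbols, symbols[1:]))
    return ll / (len(symbols) - 1)


def build_models():
    """Train one transition model per constructed traffic class."""
    return {
        "beacon": train_markov(quantize(BEACON_TRAIN)),
        "browse": train_markov(quantize(BROWSE_TRAIN)),
    }


def classify(trace, models):
    """Return (best class, per-class scores) for a trace of timings."""
    sym = quantize(trace)
    scores = {name: log_likelihood(m, sym) for name, m in models.items()}
    return max(scores, key=scores.get), scores


if __name__ == "__main__":
    models = build_models()
    for name, trace in [("unknown-1", [30.0, 30.1, 29.9, 30.0, 30.2, 29.8]),
                        ("unknown-2", [0.01, 0.02, 0.6, 0.01, 5.0, 0.01])]:
        label, scores = classify(trace, models)
        print(name, "->", label, {k: round(v, 3) for k, v in scores.items()})
```

Normalizing by the number of transitions keeps scores comparable across traces of different length. A practitioner deploying anything like this should expect an adversary to add random delays to flatten the timing structure, which is exactly the class of countermeasure the anonymity-tool analysis in the first part of the report bears on.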


Document Details

Document Type
Technical Report
Publication Date
Feb 11, 2013
Accession Number
ADA581858

Entities

People

  • Richard R. Brooks

Organizations

  • Clemson University

Tags

Communities of Interest

  • Energy and Power Technologies
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Algorithms
  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computers
  • Context Free Grammars
  • Data Sets
  • Detection
  • Hidden Markov Models
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Language
  • Local Area Networks
  • Markov Models
  • Probability
  • Reliability

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Neural Network Machine Learning

Technology Areas

  • Cyber