Title of invention: Identification and classification of web traffic inside encrypted network tunnels
Abstract: The present principles are directed to identifying and classifying web traffic inside encrypted network tunnels. A method includes analyzing network traffic of unencrypted data packets to detect packet traffic, timing, and size patterns. The detected packet, timing, and size traffic patterns are correlated to at least a packet destination and a packet source of the unencrypted data packets to create at least one of a training corpus and a model built from the training corpus. The at least one of the corpus and model is stored in a memory device. Packet traffic, timing, and size patterns of encrypted data packets are observed. The observed packet traffic, timing, and size patterns of the encrypted data packets are compared to at least one of the training corpus and the model to classify the encrypted data packets with respect to at least one of a predicted network host and predicted path information.
Publication number: US9106536(B2) Publication date: 2015.08.11
Application number: US201313862601 Filing date: 2013.04.15
Applicant: International Business Machines Corporation Inventors: Christodorescu Mihai; Hu Xin; Schales Douglas L.; Sailer Reiner; Stoecklin Marc Ph.; Wang Ting; White Andrew M.
Classification: H04L29/06; H04L12/26; G06N5/02; G06N5/00; G06N99/00; H04L12/24 Main classification: H04L29/06
Agency: Tutunjian & Bitetto, P.C. Agent: Tutunjian & Bitetto, P.C.; Dougherty Anne V.
Main claim: 1. A method, comprising: analyzing network traffic of unencrypted data packets to detect packet traffic patterns, packet timing patterns, and packet size patterns therein; correlating the detected packet traffic patterns, the detected packet timing patterns, and the detected packet size patterns to at least a packet destination and a packet source of the unencrypted data packets to create at least one of a training corpus and a model built from the training corpus; storing the at least one of the training corpus and the model in a memory device; observing packet traffic patterns, packet timing patterns, and packet size patterns of encrypted data packets; and comparing the observed packet traffic patterns, the observed packet timing patterns, and the observed packet size patterns of the encrypted data packets to at least one of the training corpus and the model to classify the encrypted data packets with respect to at least one of a predicted network host and predicted path information for the encrypted data packets.
Address: Armonk NY US