Advanced Search
CS Search Google Search
Subscribers, please login

Published Articles >> Table of Contents >> Abstract

22nd Annual Computer Security Applications Conference (ACSAC'06)   pp. 109-120
Detecting Policy Violations through Traffic Analysis
Jeffrey Horton, University of Wollongong, Australia
Rei Safavi-Naini, University of Wollongong, Australia
Full Article Text: Download PDF of full textBuy this article

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.24
Send link to a friend

Abstract
Restrictions are commonly placed on the permitted uses of network protocols in the interests of security. These restrictions can sometimes be difficult to enforce. As an example, a permitted protocol can be used as a carrier for another protocol not otherwise permitted. However, if the observable behaviour of the protocol exhibits differences between permitted and non-permitted uses, it is possible to detect inappropriate use.

We consider SSH, the Secure Shell protocol. This is an encrypted protocol with several uses. We attempt firstly to classify SSH sessions according to some different types of traffic for which the sessions have been used, and secondly, given a policy that permits SSH use for interactive traffic, to identify when a session appears to have been used for some other purpose.
Additional Information

Citation:  Jeffrey Horton, Rei Safavi-Naini, "Detecting Policy Violations through Traffic Analysis," acsac, pp. 109-120,  22nd Annual Computer Security Applications Conference (ACSAC'06),  2006

Similar Articles

Abstract Contents
Abstract
Citation

Download Citation
Ascii Text
BibTex
RefWorks
Procite/RefMan/Endnote




Free access to

  • Abstracts
  • Selected PDFs

Electronic subscribers login to:

  • Access HTML/PDFs of full text articles

Subscription information

Get a Web account

PDFs require Adobe Acrobat Reader.

Peer Review Notice

Give us Feedback