JSM 2005 - Toronto

Abstract #303448

This is the preliminary program for the 2005 Joint Statistical Meetings in Minneapolis, Minnesota. Currently included in this program is the "technical" program, schedule of invited, topic contributed, regular contributed and poster sessions; Continuing Education courses (August 7-10, 2005); and Committee and Business Meetings. This on-line program will be updated frequently to reflect the most current revisions.




The views expressed here are those of the individual authors
and not necessarily those of the ASA or its board, officers, or staff.





Activity Number: 440
Type: Topic Contributed
Date/Time: Wednesday, August 10, 2005 : 2:00 PM to 3:50 PM
Sponsor: Section on Statisticians in Defense and National Security
Abstract - #303448
Title: Application Protocol Recognition in Encrypted Internet Traffic
Author(s): Charles Wright*+ and Fabian Monrose and Gerald Masson
Companies: Johns Hopkins University and Johns Hopkins University and Johns Hopkins University
Address: 3400 N Charles, Baltimore, MD, 21218, United States
Keywords: traffic analysis ; Hidden Markov Models ; mixture models ; network security ; intrusion detection
Abstract:

We analyze network-layer behavioral patterns in wide-area traffic and use these behaviors to infer the application layer protocols in use in potentially encrypted traffic. We consider both application layer encryption, such as SSL where individual end-to-end connections are easily identified, and network layer encryption where the end-to-end streams may be difficult or impossible to demultiplex. Using Hidden Markov Models, we demonstrate empirical results on par with the best-known application-layer classifiers, and using mixture models, we present a first look at the more difficult analysis of encrypted networks such as VPNs. Applications to anomaly-based intrusion detection also are discussed.


  • The address information is for the authors that have a + after their name.
  • Authors who are presenting talks have a * after their name.

Revised March 2005