论文信息 - Revealing skype traffic: when randomness plays with you

Revealing skype traffic: when randomness plays with you

Skype is a very popular VoIP software which has recently attracted the attention of the research community and network operators. Following a closed source and proprietary design, Skype protocols and algorithms are unknown. Moreover, strong encryption mechanisms are adopted by Skype, making it very difficult to even glimpse its presence from a traffic aggregate. In this paper, we propose a framework based on two complementary techniques to reveal Skypetraffic in real time. The first approach, based on Pearson'sChi-Square test and agnostic to VoIP-related trafficcharacteristics, is used to detect Skype's fingerprint from the packet framing structure, exploiting the randomness introduced at the bit level by the encryption process. Conversely, the second approach is based on a stochastic characterization of Skype traffic in terms of packet arrival rate and packet length, which are used as features of a decision process based on Naive Bayesian Classifiers.In order to assess the effectiveness of the above techniques, we develop an off-line cross-checking heuristic based on deep-packet inspection and flow correlation, which is interesting per se. This heuristic allows us to quantify the amount of false negatives and false positives gathered by means of the two proposed approaches: results obtained from measurements in different networks show that the technique is very effective in identifying Skype traffic. While both Bayesian classifier and packet inspection techniques are commonly used, the idea of leveraging on randomness to reveal traffic is novel. We adopt this to identify Skype traffic, but the same methodology can be applied to other classification problems as well.

Marco Mellia | Michela Meo | Dario Bonfiglio | Dario Rossi | Paolo Tofanelli

[1] Eric Rescorla,et al. HTTP Over TLS , 2000, RFC.

[2] Andrew W. Moore,et al. Internet traffic classification using bayesian analysis techniques , 2005, SIGMETRICS '05.

[3] John Skilling,et al. Data analysis : a Bayesian tutorial , 1996 .

[4] Mark Carson,et al. NIST Net: a Linux-based network emulation tool , 2003, CCRV.

[5] Marco Mellia,et al. Measuring IP and TCP behavior on edge nodes with Tstat , 2005, Comput. Networks.

[6] Chun-Ying Huang,et al. Quantifying Skype user satisfaction , 2006, SIGCOMM 2006.

[7] Ravi Jain,et al. An Experimental Study of the Skype Peer-to-Peer VoIP System , 2005, IPTPS.

[8] Henning Schulzrinne,et al. An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol , 2004, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[9] W MooreAndrew,et al. Internet traffic classification using bayesian analysis techniques , 2005 .

[10] P. Biondi,et al. Silver Needle in the Skype , 2006 .

[11] Chris Lonvick,et al. The Secure Shell (SSH) Protocol Assigned Numbers , 2006, RFC.

[12] Henning Schulzrinne,et al. RTP: A Transport Protocol for Real-Time Applications , 1996, RFC.