The Impact of Evasion on the Generalization of Machine Learning Algorithms to Classify VoIP Traffic

We propose a novel machine-learning-based approach to generate well-generalized signatures for classifying Skype VoIP traffic. Results show that the performance of the signatures did not degrade significantly when they were evaluated on traffic captured from different locations and at different times, or when they were employed against evasion attacks. Our results on evasion of the Skype classifier demonstrate that the performance of the signatures is very promising even if the user maliciously tries to alter the characteristics of Skype traffic to evade the classifier.
