File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1109/WETICE.2007.4407198
- Scopus: eid_2-s2.0-85042609222
- Find via
Supplementary
-
Citations:
- Scopus: 0
- Appears in Collections:
Conference Paper: Network forensic on encrypted peer-to-peer VoIP traffics and the detection, blocking, and prioritization of skype traffics
| Title | Network forensic on encrypted peer-to-peer VoIP traffics and the detection, blocking, and prioritization of skype traffics |
|---|---|
| Authors | |
| Keywords | Blocking Enterprise network security NAT traversal Network forensics Reverse engineering Skype Traffic analysis Traffic prioritization |
| Issue Date | 2007 |
| Publisher | IEEE, Computer Society |
| Citation | Proceedings Of The Workshop On Enabling Technologies: Infrastructure For Collaborative Enterprises, Wet Ice, 2007, p. 401-406 How to Cite? |
| Abstract | Skype is a popular peer-to-peer (P2P) voice over IP (VoIP) application evolving quickly since its launch in 2003. However, the ability to traverse network address translation (NAT) and bypass firewalls, as well as the induced bandwidth burden due to the super node (SN) mechanism, make Skype considerably a threat to enterprise networks security and availability. Because Skype uses both encryption and overlays, detection and blocking of Skype is nontrivial. Motivated by the work of Biondi and Desclaux [3], we adopt the view of Skype as a backdoor and we take a forensic approach to analyze it. We share our experience in this paper. With the forensic evidence, we identify a transport layer communication framework for Skype. We further formulate a set of socket-based detection and control policies for Skype traffics. Our detection method is a hybrid between payload and non-payload inspections, with improved accuracy and version sustainability over the traditional payload-only approaches. Our solution is practicable both inside and outside the NAT firewalls. This breakthrough makes the detection, blocking, and prioritization of Skype traffics possible in both the enterprise internal networks and the Internet Services Providers carrier networks. |
| Persistent Identifier | http://hdl.handle.net/10722/134696 |
| ISSN | |
| References |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Leung, CM | en_HK |
| dc.contributor.author | Chan, YY | en_HK |
| dc.date.accessioned | 2011-07-05T08:24:36Z | - |
| dc.date.available | 2011-07-05T08:24:36Z | - |
| dc.date.issued | 2007 | en_HK |
| dc.identifier.citation | Proceedings Of The Workshop On Enabling Technologies: Infrastructure For Collaborative Enterprises, Wet Ice, 2007, p. 401-406 | en_HK |
| dc.identifier.issn | 1524-4547 | en_HK |
| dc.identifier.uri | http://hdl.handle.net/10722/134696 | - |
| dc.description.abstract | Skype is a popular peer-to-peer (P2P) voice over IP (VoIP) application evolving quickly since its launch in 2003. However, the ability to traverse network address translation (NAT) and bypass firewalls, as well as the induced bandwidth burden due to the super node (SN) mechanism, make Skype considerably a threat to enterprise networks security and availability. Because Skype uses both encryption and overlays, detection and blocking of Skype is nontrivial. Motivated by the work of Biondi and Desclaux [3], we adopt the view of Skype as a backdoor and we take a forensic approach to analyze it. We share our experience in this paper. With the forensic evidence, we identify a transport layer communication framework for Skype. We further formulate a set of socket-based detection and control policies for Skype traffics. Our detection method is a hybrid between payload and non-payload inspections, with improved accuracy and version sustainability over the traditional payload-only approaches. Our solution is practicable both inside and outside the NAT firewalls. This breakthrough makes the detection, blocking, and prioritization of Skype traffics possible in both the enterprise internal networks and the Internet Services Providers carrier networks. | en_HK |
| dc.language | eng | en_US |
| dc.publisher | IEEE, Computer Society | en_US |
| dc.relation.ispartof | Proceedings of the Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, WET ICE | en_HK |
| dc.subject | Blocking | en_HK |
| dc.subject | Enterprise network security | en_HK |
| dc.subject | NAT traversal | en_HK |
| dc.subject | Network forensics | en_HK |
| dc.subject | Reverse engineering | en_HK |
| dc.subject | Skype | en_HK |
| dc.subject | Traffic analysis | en_HK |
| dc.subject | Traffic prioritization | en_HK |
| dc.title | Network forensic on encrypted peer-to-peer VoIP traffics and the detection, blocking, and prioritization of skype traffics | en_HK |
| dc.type | Conference_Paper | en_HK |
| dc.identifier.email | Chan, YY: yychan8@hkucc.hku.hk | en_HK |
| dc.identifier.authority | Chan, YY=rp00894 | en_HK |
| dc.description.nature | link_to_subscribed_fulltext | en_US |
| dc.identifier.doi | 10.1109/WETICE.2007.4407198 | en_HK |
| dc.identifier.scopus | eid_2-s2.0-85042609222 | en_HK |
| dc.relation.references | http://www.scopus.com/mlt/select.url?eid=2-s2.0-51149106576&selection=ref&src=s&origin=recordpage | en_HK |
| dc.identifier.spage | 401 | en_HK |
| dc.identifier.epage | 406 | en_HK |
| dc.publisher.place | United States | en_HK |
| dc.identifier.scopusauthorid | Leung, CM=35280335500 | en_HK |
| dc.identifier.scopusauthorid | Chan, YY=7403676264 | en_HK |
| dc.identifier.issnl | 1524-4547 | - |