Keyword Mining for Private Protocols Tunneled Over WebSocket

WebSocket is a promising technique to build a real-time low-cost bidirectional communication channel. It supports arbitrary application-layer protocols including privately designed ones. The use of WebSocket poses a new challenge to network traffic management and security inspection. To increase vis...

Full description

Saved in:
Bibliographic Details
Published in:IEEE communications letters 2016-07, Vol.20 (7), p.1337-1340
Main Authors: Li, Bai-Chao, Yu, Shun-Zheng
Format: Article
Language:English
Subjects:
Bidirectional control
Channels
Construction
Data mining
hidden semi-Markov model
Inspection
keyword mining
Keywords
Maximum likelihood estimation
Messages
Mining
Protocol (computers)
protocol reverse engineering
Protocols
Security
Semantics
Traffic engineering
Traffic flow
Training
WebSocket traffic analysis
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:WebSocket is a promising technique to build a real-time low-cost bidirectional communication channel. It supports arbitrary application-layer protocols including privately designed ones. The use of WebSocket poses a new challenge to network traffic management and security inspection. To increase visibility for WebSocket traffic, this letter proposes an automatic keyword mining approach for protocols tunneled over WebSocket. First, we extract keyword candidates based on an intuition that a specific keyword would appear frequently in different messages but would not appear many times in one message. Then, a hidden semi-Markov model is built to portray both temporal and spatial position relations of keywords in traffic. With the help of the well-trained model, we single out genuine keywords in the sense of maximum likelihood. Experiments on an instant messaging application validate the proposed method.
ISSN:1089-7798
1558-2558
DOI:10.1109/LCOMM.2016.2565465