ABSTRACT
In this paper we present results of experimental work using machine learning techniques to rapidly identify Skype traffic. We show that Skype traffic can be identified by observing 5 seconds of a Skype traffic flow, with recall and precision better than 98%. We found the most effective features for classification were characteristic packet lengths less than 80 bytes, statistics of packet lengths greater than 80 bytes and inter-packet arrival times. Our classifiers do not rely on observing any particular part of a flow. We also report on the performance of classifiers built using combinations of two of these features and of each feature in isolation.
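A sketch of per-window feature extraction for the three feature groups named in the abstract, added here as an illustration and not taken from the paper. The abstract does not say which statistics are used, so the specific ones below (most frequent short lengths, mean and standard deviation of long lengths and of inter-arrival times), the function names and the sample flow are assumptions.

```python
from collections import Counter
from statistics import mean, pstdev

WINDOW_MS = 5000   # 5-second observation window (from the abstract)
SPLIT_BYTES = 80   # short/long packet-length boundary (from the abstract)

def window_features(packets, start_ms, top_n=3):
    """Features for one flow over [start_ms, start_ms + WINDOW_MS).

    packets: time-ordered list of (timestamp_ms, length_bytes).
    The window may start anywhere in the flow. Returns None when the
    window holds fewer than two packets (no inter-arrival time exists).
    """
    win = [(t, n) for t, n in packets if start_ms <= t < start_ms + WINDOW_MS]
    if len(win) < 2:
        return None
    short = [n for _, n in win if n < SPLIT_BYTES]
    # Assumption: a packet of exactly 80 bytes is counted as "long".
    long_ = [n for _, n in win if n >= SPLIT_BYTES]
    gaps = [b[0] - a[0] for a, b in zip(win, win[1:])]
    return {
        "n_packets": len(win),
        "short_fraction": len(short) / len(win),
        # Assumption: "characteristic" lengths = the most frequent short ones.
        "short_top": Counter(short).most_common(top_n),
        "long_mean": mean(long_) if long_ else 0.0,
        "long_std": pstdev(long_) if long_ else 0.0,
        "iat_mean_ms": mean(gaps),
        "iat_std_ms": pstdev(gaps),
    }

def constructed_flow(n=500, spacing_ms=20):
    """Constructed sample flow (not real Skype data): one packet every 20 ms,
    a 21-byte packet every tenth packet, otherwise 140 or 100 bytes."""
    return [(i * spacing_ms, 21 if i % 10 == 0 else (140 if i % 2 == 0 else 100))
            for i in range(n)]

if __name__ == "__main__":
    flow = constructed_flow()
    for start in (0, 1234):          # two arbitrary window positions
        print(start, window_features(flow, start))
```

Each returned dictionary is one feature vector; a classifier trained on vectors taken from many window positions does not depend on seeing the start of a flow.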
Index Terms
- Rapid identification of Skype traffic flows