Patent · US Active

Identification and classification of web traffic inside encrypted network tunnels

US9491078B2 · kind B2 · utility

7Cited by

4References

8Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Mihai Christodorescu · San Jose, US
Xin Hu · White Plains, US
Douglas Lee Schales · Campion Road, US
Reiner Sailer · Scarsdale, US
Marc Stoecklin · Basel, CH
Ting Wang · White Plains, US
Andrew M. White · Skokie, US

Key dates

Filing date	Jun 26, 2015
Grant date	Nov 8, 2016
Priority date	—
Expiry date	Jun 26, 2035

Classification

Technology area (CPC H)Electricity
CPC primaryH04L67/02
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

The present principles are directed to identifying and classifying web traffic inside encrypted network tunnels. A method includes analyzing network traffic of unencrypted data packets to detect packet traffic, timing, and size patterns. The detected packet, timing, and size traffic patterns are correlated to at least a packet destination and a packet source of the unencrypted data packets to create at least one of a training corpus and a model built from the training corpus. The at least one of the corpus and model is stored in a memory device. Packet traffic, timing, and size patterns of encrypted data packets are observed. The observed packet traffic, timing, and size patterns of the encrypted data packets are compared to at least one of the training corpus and the model to classify the encrypted data packets with respect to at least one of a predicted network host and predicted path information.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.