'Tunnel Hunter' Detects Encrypted P2P Traffic With 90% Accuracy

[Jorge]

Italian researchers say they can detect SSH tunnels with 99% accuracy and actual protocol (P2P, POP3, SMTP, HTTP) with 90% accuracy.
Italian Researchers at the Universita degli Studidi Brescia (University of Brescia Studies?) have developed a statistical method called "Tunnel Hunter" for detecting encrypted tunneling activities with 99% accuracy.
Using a naive Bayes approach to previously classify different protocols such as P2P, POP3, SMTP, and HTTP, they have used the same basic classification algorithm to detect SSH tunnels. Instead of using Deep Packet Inspection (DPI) they analyze three simple properties of IP packets: their size, inter-arrival time and arrival order.
The main theory they argue is that that a fingerprint can be derived by training the system on legitimate, non-tunneling SSH usage, and then later be used to detect application-layer tunnels that are run on top of a Secure Shell.

Read Full Article Here

[Mels_Smileys45]

Where is The Hunter anyways?