Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
www.caida.org > publications : bib : networking : entries : bonfiglio07revealing.xml
Bibliography Details
D. Bonfiglio, M. Mellia, M. Meo, D. Rossi, and P. Tofanelli, "Revealing Skype Traffic: when randomness plays with you", in ACM SIGCOMM 2007, Aug 2007.
Revealing Skype Traffic: when randomness plays with you
Authors: D. Bonfiglio
M. Mellia
M. Meo
D. Rossi
P. Tofanelli
Published: ACM SIGCOMM, 2007
URL:http://dl.acm.org/citation.cfm?id=1282386
Entry Dates: 2009-02-09
Abstract: Skype is a very popular VoIP software which has recently attracted the attention of the research community and network operators. Following a closed source and proprietary design, Skype protocols and algorithms are unknown. Moreover, strong encryption mechanisms are adopted by Skype, making it very difficult to even glimpse its presence from a traffic aggregate. In this paper, we propose a framework based on two complementary techniques to reveal Skype traffic in real time. The first approach, based on Pearson's Chi-Square test and agnostic to VoIP-related traffic characteristics, is used to detect Skype's fingerprint from the packet framing structure, exploiting the randomness introduced at the bit level by the encryption process. Conversely, the second approach is based on a stochastic characterization of Skype traffic in terms of packet arrival rate and packet length, which are used as features of a decision process based on Naive Bayesian Classifiers. In order to assess the effectiveness of the above techniques, we develop an off-line cross-checking heuristic based on deep-packet inspection and flow correlation, which is interesting per se. This heuristic allows us to quantify the amount of false negatives and false positives gathered by means of the two proposed approaches: results obtained from measurements in different networks show that the technique is very effective in identifying Skype traffic. While both Bayesian classifier and packet inspection techniques are commonly used, the idea of leveraging on randomness to reveal traffic is novel. We adopt this to identify Skype traffic, but the same methodology can be applied to other classification problems as well.
Results:
  • datasets: two traces 1) CAMPUS: a 95 hours long trace collected at campus access link starting on Monday the 29th of May 2006; 2) ISP: a one day long trace, collected from the POP of FastWeb, a major Italian ISP, on Monday the 15th of May 2006;
  • two complementary techniques to reveal skype traffic in real time. The first approach based on Pearson's Chi-Square test and agnostic to VoIp-related traffic characteristics. The second approach is based on a stochastic characterization of skype traffic in terms of packet arrival rate and packet length, which are used as features of a decision process based on Naive Bayersian Classifiers;
  Last Modified: Tue Oct-8-2019 11:20:57 PDT
  Page URL: http://www.caida.org/publications/bib/networking/entries/bonfiglio07revealing.xml