Revealing skype traffic

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Revealing skype traffic: when randomness plays with you

Full text

Pdf (912 KB)

Source

ACM SIGCOMM Computer Communication Review archive
Volume 37 , Issue 4 (October 2007) table of contents

SESSION: Network applications table of contents

Pages: 37 - 48

Year of Publication: 2007

ISSN:0146-4833

Also published in ...

Authors

Dario Bonfiglio	Politecnico di Torino, Torino, Italy
Marco Mellia	Politecnico di Torino, Torino, Italy
Michela Meo	Politecnico di Torino, Torino, Italy
Dario Rossi	ENST Télécom Paris, Paris, France
Paolo Tofanelli	Motorola Inc., Torino, Italy

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 59, Downloads (12 Months): 464, Citation Count: 10

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1282427.1282386 What is a DOI?

Warning: The download time has expired please click on the item to try again.

ABSTRACT

Skype is a very popular VoIP software which has recently attracted the attention of the research community and network operators. Following a closed source and proprietary design, Skype protocols and algorithms are unknown. Moreover, strong encryption mechanisms are adopted by Skype, making it very difficult to even glimpse its presence from a traffic aggregate. In this paper, we propose a framework based on two complementary techniques to reveal Skypetraffic in real time. The first approach, based on Pearson'sChi-Square test and agnostic to VoIP-related trafficcharacteristics, is used to detect Skype's fingerprint from the packet framing structure, exploiting the randomness introduced at the bit level by the encryption process. Conversely, the second approach is based on a stochastic characterization of Skype traffic in terms of packet arrival rate and packet length, which are used as features of a decision process based on Naive Bayesian Classifiers.In order to assess the effectiveness of the above techniques, we develop an off-line cross-checking heuristic based on deep-packet inspection and flow correlation, which is interesting per se. This heuristic allows us to quantify the amount of false negatives and false positives gathered by means of the two proposed approaches: results obtained from measurements in different networks show that the technique is very effective in identifying Skype traffic. While both Bayesian classifier and packet inspection techniques are commonly used, the idea of leveraging on randomness to reveal traffic is novel. We adopt this to identify Skype traffic, but the same methodology can be applied to other classification problems as well.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Skype web site, http://www.skype.com
	2	Hesiod, "Theogony", ca 700 BC
	3	S. A., Baset, H. Schulzrinne, "An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol". IEEE Infocom'06, Barcelona, Spain, Apr. 2006.
	4	P. Biondi, F. Desclaux, "Silver Needle in the Skype". Black Hat Europe'06, Amsterdam, the Netherlands, Mar. 2006.
	5	S. Guha, N. Daswani and R. Jain, "An Experimental Study of the Skype Peer-to-Peer VoIP System", 5th Intl. Workshop on Peer-to-Peer Systems, Santa Barbara, CA, Feb. 2006.
	6	Kuan-Ta Chen , Chun-Ying Huang , Polly Huang , Chin-Laung Lei, Quantifying Skype user satisfaction, Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, September 11-15, 2006, Pisa, Italy
	7	K. Suh, D. R. Figuieredo, J. Kurose, D. Towsley, "Characterizing and detecting relayed traffic: A case study using Skype", IEEE Infocom'06, Barcelona, Spain, Apr. 2006.
	8	Mark Carson , Darrin Santay, NIST Net: a Linux-based network emulation tool, ACM SIGCOMM Computer Communication Review, v.33 n.3, July 2003 [doi>10.1145/956993.957007]
	9	GlobalIPSound web site, http://www.globalipsound.com/
	10	T. Berson, "Skype Security Evaluation". Online report, http://www.skype.com/security/files/2005-031securityevaluation.pdf, Oct.2005.
	11	D. S. Sivia, "Data Analysis: A Bayesian Tutorial". Oxford University Press, Sep. 1996.
	12	Andrew W. Moore , Denis Zuev, Internet traffic classification using bayesian analysis techniques, ACM SIGMETRICS Performance Evaluation Review, v.33 n.1, June 2005
	13	FastWeb web site, http://company.fastweb.it/
	14	M. Mellia , R. Lo Cigno , F. Neri, Measuring IP and TCP behavior on edge nodes with Tstat, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.47 n.1, p.1-21, 14 January 2005 [doi>10.1016/j.comnet.2004.06.026]
	15	H. Schulzrinne , S. Casner , R. Frederick , V. Jacobson, RTP: A Transport Protocol for Real-Time Applications, RFC Editor, 2003
	16	E. Rescorla, HTTP Over TLS, RFC Editor, 2000
	17	S. Lehtinen, C. Lonvick, "The Secure Shell (SSH) Protocol Assigned Numbers", RFC 4250, Jan. 2006.

CITED BY 10

	Luca De Cicco , Saverio Mascolo , Vittorio Palmisano, Skype video responsiveness to bandwidth variations, Proceedings of the 18th International Workshop on Network and Operating Systems Support for Digital Audio and Video, May 28-30, 2008, Braunschweig, Germany
	Dario Rossi , Silvio Valenti , Paolo Veglia , Dario Bonfiglio , Marco Mellia , Michela Meo, Pictures from the Skype, ACM SIGMETRICS Performance Evaluation Review, v.36 n.2, September 2008
	M. Dusi , M. Crotti , F. Gringoli , L. Salgarelli, Tunnel Hunter: Detecting application-layer tunnels with statistical fingerprinting, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.1, p.81-97, January, 2009
	Dario Rossi , Marco Mellia , Michela Meo, Understanding Skype signaling, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.2, p.130-140, February, 2009
	Thomas Silverston , Olivier Fourmaux , Alessio Botta , Alberto Dainotti , Antonio Pescapé , Giorgio Ventre , Kavé Salamatian, Traffic analysis of peer-to-peer IPTV communities, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.4, p.470-484, March, 2009
	Wei Li , Marco Canini , Andrew W. Moore , Raffaele Bolla, Efficient application identification and the temporal and spatial stability of classification schema, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.6, p.790-809, April, 2009
	Yan Hu , Dah-Ming Chiu , John C. S. Lui, Profiling and identification of P2P traffic, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.6, p.849-863, April, 2009
	Philip A. Branch , Amiel Heyde , Grenville J. Armitage, Rapid identification of Skype traffic flows, Proceedings of the 18th international workshop on Network and operating systems support for digital audio and video, June 03-05, 2009, Williamsburg, VA, USA
	Emanuel Pacheco Freire , Artur Ziviani , Ronaldo Moreira Salles, On Metrics to Distinguish Skype Flows from HTTP Traffic, Journal of Network and Systems Management, v.17 n.1-2, p.53-72, June 2009
	Hyunggon Park , Mihaela van der Schaar, A framework for foresighted resource reciprocation in P2P networks, IEEE Transactions on Multimedia, v.11 n.1, p.101-116, January 2009