Probabilistic Spying on Encrypted Tunnels

Tags:

Preview:

Click to see full reader

DESCRIPTION

Introduction of the tool "Pacumen" that was given at BlackHat USA 2014

Citation preview

PACUMEN“packet acumen”

WHO ARE WE?

PRASAD RAO - HPLABSBRANDON NIEMCZYK – HP DVLABS

WHAT IS PACUMEN ?

A tool to identify what applications are being used over an encrypted tunnel.

ACADEMIA HAS PRODUCED PAPERS…

Where’s the code?

PREVIOUS WORK

Results only.

Focus on one application at a time.

Results are difficult to interpret.

HOW DOES PACUMEN WORK?

PACUMEN learns by example.

HOW DOES PACUMEN WORK?

Train PACUMEN

Collect Example

Data

ClassifierClassify

new data

Provide new data from

network/pcap

10 Collect Training Data20 Build Classifier30 Get unknown data40 Classify unknown data50 GOTO 30

HOW DOES PACUMEN WORK?

A B A

SIZE ASIZE B

11

2CLASSIFY

IRRELEVANT SIZE 1 2 3

10 seconds

UPDATECONFIDENCE

HOW DOES PACUMEN WORK?

- Decision Trees

Multiple types of classifiers can be created.

- Mixed Gaussian Likelihood functions

DECISION TREESIs it a dog or a house cat?

Is it heavier than fifteen pounds?

Does it bark?

Probably a cat

Probably a dog

Probably a dog

MIXED GAUSSIANS

M =

DEMO TIME!

THANK YOUAny Questions?

PACUMEN - https://github.com/bniemczyk/pacumen.git

Prasad Rao – prasad.rao@hp.com

Brandon Niemczyk – insecurity@hp.com

Vib Chhabra – vaibhav.chhabra@hp.com

Recommended

stop lapd spying! · phone 424-209-7450 Stop LAPD Spying Coalition Goals Advance public participation and dialogue on police spying and surveillance, demystify their tactics and help
Documents
Us spying (1).4.4 x5.78.00053
Technology
Stop the Corporate Spying
Documents
ISP Spying Class Action Lawsuit
Documents
ISS Internet Spying Brochure
Documents
The ultimate spying device
Devices & Hardware
Spying Internet Explorer 8.0
Technology
Nsa Phone Spying Complaint
Documents
Rahul Singh, Harpreet Singh · 2018-10-16 · Disk Layout and Key Storage Operating System Volume Contains Encrypted OS Encrypted page file Encrypted temp files Encrypted data Encrypted
Documents
Conditional Encrypted Mapping and Comparing Encrypted Numbers
Documents
Inside Spying - cve-search core teamarchive.hack.lu/2014/inside_spying_v1.4.pdf · • ACCESS_COARSE_LOCATION ... 8B Value) 0x860160’– MobileTgUID’= IMEI% ... Inside Spying
Documents
Spying in the break!
Travel
Encrypted Encrypted Encrypted 16799 · gedrücktwerden,umsich dieEinsatzdauer(in10Se-kundenSchritten),sowiedie Anzahlderabgegebenen Schocksansagen zulassen. DieAusgabedieserDatenis
Documents
online spying tools
Business
Spying on Google
Technology
Desktop Spying Project
Documents
NSA Spying (1)
Documents
NSA spying on France
Documents
NSA XKEYSCORE internet spying manual
Documents
Deep-Spying: Spying using Smartwatch and Deep … · Master Thesis Deep-Spying: Spying using Smartwatch and Deep Learning Author: Tony Beltramelli Supervisor: Sebastian Risi, Ph.D
Documents