Probabilistic Spying on Encrypted Tunnels

Introduction to the tool "Pacumen", presented at BlackHat USA 2014

  • 1. PACUMEN packet acumen

  • 2. WHO ARE WE? PRASAD RAO - HPLABS; BRANDON NIEMCZYK - HP DVLABS

  • 3. WHAT IS PACUMEN? A tool to identify what applications are being used over an encrypted tunnel.

  • 4. ACADEMIA HAS PRODUCED PAPERS. Where's the code?

  • 5. PREVIOUS WORK
      - Results only.
      - Focus on one application at a time.
      - Results are difficult to interpret.

  • 6. HOW DOES PACUMEN WORK? PACUMEN learns by example.

  • 7. HOW DOES PACUMEN WORK?
      Train PACUMEN: Collect Example Data -> Classifier
      Classify new data: Provide new data from network/pcap

      10 Collect Training Data
      20 Build Classifier
      30 Get unknown data
      40 Classify unknown data
      50 GOTO 30

  • 8. HOW DOES PACUMEN WORK? [Diagram; labels: A, B, SIZE A, SIZE B, CLASSIFY, IRRELEVANT, 10 seconds, UPDATE CONFIDENCE]

  • 9. HOW DOES PACUMEN WORK? Multiple types of classifiers can be created.
      - Decision Trees
      - Mixed Gaussian Likelihood functions

  • 10. DECISION TREES Is it a dog or a house cat? Is it heavier than fifteen pounds? Does it bark? Probably a cat / Probably a dog / Probably a dog

  • 11. MIXED GAUSSIANS M =

  • 12. DEMO TIME!

  • 13. THANK YOU. Any Questions? PACUMEN - Prasad Rao, Brandon Niemczyk, Vib Chhabra
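
An added sketch of the learn-by-example loop from slides 7 to 9 (this is not Pacumen's code): train on labelled windows, then classify unknown windows one at a time and update the confidence after each. The features (bytes per direction per 10-second window), the labels and all numbers are assumptions, and it fits a single Gaussian per feature rather than the mixed Gaussians the slides name.

```python
import math

# Constructed training data: one (bytes A->B, bytes B->A) pair per 10-second
# window. Labels, feature choice and numbers are assumptions for illustration.
TRAINING = {
    "chat": [(500, 600), (2000, 1500), (900, 2500), (1400, 1000)],
    "web": [(3000, 40000), (5000, 60000), (2000, 20000), (4000, 50000)],
    "video": [(1200, 90000), (1500, 110000), (1100, 95000), (1400, 105000)],
}

def fit(training):
    """Fit one independent Gaussian (mean, variance) per feature and label."""
    model = {}
    for label, windows in training.items():
        params = []
        for column in zip(*windows):
            mean = sum(column) / len(column)
            var = sum((x - mean) ** 2 for x in column) / (len(column) - 1)
            params.append((mean, max(var, 1.0)))  # floor avoids zero variance
        model[label] = params
    return model

def log_likelihood(params, window):
    """log p(window | label) under the fitted per-feature Gaussians."""
    return sum(-0.5 * math.log(2 * math.pi * var) - (x - mean) ** 2 / (2 * var)
               for (mean, var), x in zip(params, window))

def classify_stream(model, windows):
    """Return [(best_label, confidence)] after each window (Bayes update)."""
    log_post = {label: -math.log(len(model)) for label in model}  # uniform prior
    history = []
    for window in windows:
        for label, params in model.items():
            log_post[label] += log_likelihood(params, window)
        peak = max(log_post.values())
        norm = peak + math.log(sum(math.exp(v - peak) for v in log_post.values()))
        log_post = {k: v - norm for k, v in log_post.items()}  # renormalise
        best = max(log_post, key=log_post.get)
        history.append((best, math.exp(log_post[best])))
    return history

MODEL = fit(TRAINING)
UNKNOWN = [(2500, 4000), (1000, 1200), (1300, 900)]  # constructed tunnel windows
RESULT = classify_stream(MODEL, UNKNOWN)

if __name__ == "__main__":
    for i, (label, conf) in enumerate(RESULT, 1):
        print(f"window {i}: {label} (confidence {conf:.4f})")
```

The first constructed window sits between two labels, so the confidence is low until later windows accumulate evidence.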