Detection of Encrypted Multimedia Traffic through Extraction and Parameterization of Recurrence Plots

Abstract

The detection of encrypted multimedia traffic (like VoIP or Video) is a crucial task for both TELCO operators and authorities involved in lawful interception issues. As an example, Skype traffic that cannot be detected through classical methods as port-based detection (because of a random based choice port option) nor payload inspection (because of encryption mechanisms adopted). Dwelling on Skype, the aim of this work is to propose a novel technique that, by recasting the regularities of the data streams in terms of recurrence plots (a representation derived from Chaos Theory), extracts some unprecedented observables; such observables are then considered in a decision-tree building procedure exploiting the C4.5 algorithm in order to draw a decision about the presence or the absence of the targeted traffic. In the final section, a comparison with a reference technique is presented.