论文标题
从加密的远程桌面协议流量中检测活动
Activity Detection from Encrypted Remote Desktop Protocol Traffic
论文作者
论文摘要
越来越多的互联网流量已加密。我们解决了是否可以通过加密频道(特别是微软的远程桌面协议)预测活动的问题。我们表明,可以以大于97 \%的精度检测到五个典型活动的存在,并在30秒的痕迹中回忆大于94 \%。我们还表明,该协议的设计暴露了细粒度的动作,例如击键和鼠标运动,这些动作可能会被利用以揭示诸如密码长度之类的属性。
An increasing amount of Internet traffic has its content encrypted. We address the question of whether it is possible to predict the activities taking place over an encrypted channel, in particular Microsoft's Remote Desktop Protocol. We show that the presence of five typical activities can be detected with precision greater than 97\% and recall greater than 94\% in 30-second traces. We also show that the design of the protocol exposes fine-grained actions such as keystrokes and mouse movements which may be leveraged to reveal properties such as lengths of passwords.
