Can encrypted traffic be identified without port numbers, IP addresses and payload inspection?
References
Internet assigned numbers authority (IANA). <http://www.iana.org/assignments/port-number> (last accessed October, 2009).
A.W. Moore, K. Papagiannaki, Toward the accurate identification of network applications, in: Passive and Active Network Measurement: Proceedings of the Passive & Active Measurement Workshop, 2005, pp. 41–54.
Madhukar, 2006, A longitudinal study of p2p traffic classification, 179
Sen, 2004, Accurate, scalable in-network identification of p2p traffic using application signatures, 512
SSH. <http://www.rfc-archive.org/getrfc.php?rfc=4251>.
Skype. <http://www.skype.com/useskype/>.
R. Alshammari, A.N. Zincir-Heywood, A flow based approach for ssh traffic detection, in: Proceedings of the IEEE International Conference on System, Man and Cybernetics – SMC’2007.
Alshammari, 2008, Investigating two different approaches for encrypted traffic classification, 156
R. Alshammari, N. Zincir-Heywood, Generalization of signatures for ssh encrypted traffic identification, in: IEEE Symposium on Computational Intelligence in Cyber Security, 2009, CICS ’09, 2009, pp. 167–174.
J. Early, C. Brodley, C. Rosenberg, Behavioral authentication of server flows, in: Proceedings of the 19th Annual Computer Security Applications Conference, 2003, pp. 46–55.
Haffner, 2005, ACAS: automated construction of application signatures, 197
A.D. Montigny-Leboeuf, Flow Attributes For Use In Traffic Characterization, CRC Technical Note No. CRC-TN-2005-003.
Moore, 2005, Internet traffic classification using bayesian analysis techniques, 50
Williams, 2006, A preliminary performance comparison of five machine learning algorithms for practical ip traffic flow classification, SIGCOMM Comput. Commun. Rev., 36, 5, 10.1145/1163593.1163596
Wright, 2004, HMM profiles for network traffic classification, 9
Karagiannis, 2005, BLINC: multilevel traffic classification in the dark, 229
Bernaille, 2006, Traffic classification on the fly, SIGCOMM Comput. Commun. Rev., 36, 23, 10.1145/1129582.1129589
Erman, 2006, Traffic classification using clustering algorithms, 281
SSH FAQ. <http://www.rz.uni-karlsruhe.de/ig25/ssh-faq/>.
D.J. Barrett, R.E. Silverman, SSH, The Secure Shell: The Definitive Guide, 1st ed., O’Reilly, 2001.
RFC4254. <http://tools.ietf.org/html/rfc4254>.
RFC4252. <http://tools.ietf.org/html/rfc4252>.
RFC4253. <http://tools.ietf.org/html/rfc4253>.
F. Dijkstra, A. Friedl, et al., Specification of advanced features for a multi-domain monitoring infrastructure. <http://www.geant.net/Media_Centre/Media_Library/Pages/Deliverables.aspx> (February 2010).
S.A. Baset, H.G. Schulzrinne, An analysis of the skype peer-to-peer internet telephony protocol, in: INFOCOM 2006, Proceedings of the 25th IEEE International Conference on Computer Communications, 2006, pp. 1–11.
D. Bonfiglio, M. Mellia, M. Meo, N. Ritacca, D. Rossi, Tracking down skype traffic, in: INFOCOM 2008. The 27th Conference on Computer Communications, IEEE, 2008, pp. 261–265.
Zhang, 2000, Detecting back doors, 157
Wright, 2006, On inferring application protocol behaviors in encrypted network traffic, J. Mach. Learn. Res., 7, 2745
L. Bernaille, R. Teixeira, Early recognition of encrypted applications, in: Passive and Active Measurement Conference (PAM), Louvain-la-Neuve, Belgium.
Li, 2009, Efficient application identification and the temporal and spatial stability of classification schema, Comput. Network, 53, 790, 10.1016/j.comnet.2008.11.016
Palmieri, 2009, A nonlinear, recurrence-based approach to traffic classification, Comput. Network, 53, 761, 10.1016/j.comnet.2008.12.015
Hu, 2009, Profiling and identification of p2p traffic, Comput. Network, 53, 849, 10.1016/j.comnet.2008.11.005
Skype reaches 10 million concurrent users. <http://seekingalpha.com/article/50328-ebay-watch-59-earnings-growth-skype-reaches-10-million-concurrent-users> (last accessed May, 2010).
D.K. Suh, D.R. Figueiredo, J. Kurose, D. Towsley, Characterizing and detecting relayed traffic: a case study using skype, in: INFOCOM 06: Proceedings of the 25th IEEE International Conference on Computer Communications.
Bonfiglio, 2007, Revealing skype traffic: when randomness plays with you, SIGCOMM Comput. Commun. Rev., 37, 37, 10.1145/1282427.1282386
R. Alshammari, A.N. Zincir-Heywood, Machine learning based encrypted traffic classification: identifying ssh and skype, in: IEEE Symposium on Computational Intelligence for Security and Defense Applications, 2009, CISDA 2009, 2009, pp. 1–8. doi:10.1109/CISDA.2009.5356534.
Alshammari, 2009, Classifying ssh encrypted traffic with minimum packet header features using genetic programming, 2539
Nguyen, 2008, A survey of techniques for internet traffic classification using machine learning, IEEE Trans. Commun. Surv. Tutor., 10, 56, 10.1109/SURV.2008.080406
R. Alshammari, A. Zincir-Heywood, A preliminary performance comparison of two feature sets for encrypted traffic classification, in: Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems CISIS’08, 2008, pp. 203–210.
R. Alshammari, A.N. Zincir-Heywood, A.A. Farrag, Performance comparison of four rule sets: an example for encrypted traffic classification, in: World Congress on Privacy, Security, Trust and the Management of e-Business, 2009, pp. 21–28.
Alpaydin, 2004
Freund, 1999, A short introduction to boosting, J. Jpn. Soc. Artif. Intell., 14, 771
P. Lichodzijewski, M.I. Heywood, Managing team-based problem solving with symbiotic bid-based genetic programming, in: Proceedings of the Genetic and Evolutionary Computation Conference, 2008, pp. 363–370.
de Jong, 2007, A monotonic archive for pareto-coevolution, Evol. Comput., 15, 61, 10.1162/evco.2007.15.1.61
J. Doucette, M. Heywood, Gp classification under imbalanced data sets: active sub-sampling and AUC approximation, in: European Conference on Genetic Programming, Lecture Notes in Computer Science, vol. 4971, 2008, pp. 266–277.
Rosin, 1997, New methods for competitive coevolution, Evol. Comput., 5, 1, 10.1162/evco.1997.5.1.1
NLANR. <http://pma.nlanr.net/special>.
MAWI. <http://tracer.csl.sony.co.jp/mawi/>.
DARPA 1999 intrusion detection evaluation data. <http://www.ll.mit.edu/IST/ideval/docs/1999/schedule.html> (last accessed March, 2008).
Skype traces. <http://tstat.tlc.polito.it/traces-skype.shtml> (last accessed August, 2009).
PacketShaper. <http://www.packeteer.com/products/packetshaper/> (last accessed March, 2008).
l7 filter. <http://l7-filter.sourceforge.net/> (last accessed March, 2008).
Wireshark. <http://www.wireshark.org/> (last accessed September, 2008).
NetMate. <http://www.ip-measurement.org/tools/netmate/>.
IETF. <http://www3.ietf.org/proceedings/97apr/97apr-final/xrtftr70.htm>.
Libpcap. <http://www.tcpdump.org/> (last accessed September, 2008).
WEKA software. <http://www.cs.waikato.ac.nz/ml/weka/>.
A. McIntyre, M. Heywood, Cooperative problem decomposition in Pareto competitive classifier models of coevolution, in: European Conference on Genetic Programming, Lecture Notes in Computer Science, vol. 4971, 2008, pp. 289–300.
R. Curry, Towards efficient training on large datasets for genetic programming, 2004. <http://www.cs.dal.ca/~mheywood/Thesis/RCurry.pdf>.
Brameier, 2006