HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting
Similar resources
HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting
The encryption of network traffic complicates legitimate network monitoring, traffic analysis, and network forensics. In this paper, we present real-time lightweight identification of HTTPS clients based on network monitoring and SSL/TLS fingerprinting. Our experiment shows that it is possible to estimate the User-Agent of a client in HTTPS communication via the analysis of the SSL/TLS handshak...
Website Fingerprinting using Traffic Analysis Attacks
Website fingerprinting is the act of recognizing web traffic through surveillance despite the use of encryption or anonymizing software. The overall idea is to leverage the fact that many web sites have specific request patterns, response byte counts, and other similar coarse features that are known beforehand. This information can be used to recognize and classify different website traffic des...
HTTPS Vulnerability to Fine Grain Traffic Analysis
In this thesis, we apply the pattern recognition and data processing strengths of machine learning to accomplish traffic analysis objectives. Traffic analysis relies on the use of observable features of encrypted traffic in order to infer plaintext contents. We apply a clustering technique to HTTPS encrypted traffic on websites covering medical, legal and financial topics and achieve accuracy r...
Towards Fingerprinting Malicious Traffic
The primary intent of this paper is to detect malicious traffic at the network level. To this end, we apply several machine learning techniques to build classifiers that fingerprint maliciousness on IP traffic. As such, J48, Naïve Bayesian, SVM and Boosting algorithms are used to classify malware communications that are generated from dynamic malware analysis framework. The generated traffic log f...
Using Machine Learning Techniques for Advanced Passive Operating System Fingerprinting
TCP/IP fingerprinting is the active or passive collection of information usually extracted from a remote computer’s network stack. The combination of such information can be then used to infer the remote operating system (OS fingerprinting). OS fingerprinting is traditionally based on a database of “signatures”. A signature comprises several features (i.e., pairs attribute/value) extracted from...
Journal
Journal title: EURASIP Journal on Information Security
Year: 2016
ISSN: 1687-417X
DOI: 10.1186/s13635-016-0030-7