Early Identification of Services in HTTPS Traffic.

Authors: Jérôme François, Isabelle Chrisment, Thibault Cholez, Wazen M. Shbair

DOI:

Keywords: Identification (information), Handshake, Certificate, Network management, Computer network, Quality of service, Encryption, Network packet, Computer science, Session (computer science)

Abstract: Traffic monitoring is essential for network management tasks that ensure security and QoS. However, the continuous increase of HTTPS traffic undermines the effectiveness of current service-level monitoring, which can only rely on unreliable parameters from the TLS handshake (X.509 certificate, SNI) or must decrypt the traffic. We propose a new machine learning-based method to identify HTTPS services without decryption. By extracting statistical features from TLS handshake packets and a small number of application data packets, we can identify HTTPS services very early in the session. Extensive experiments performed over a significant open dataset show that our method offers good accuracy, and a prototype implementation confirms that early identification is satisfied.
