A Multi-Level Framework to Identify HTTPS Services

Wazen M. Shbair 1 Thibault Cholez 1 Jérôme François 1 Isabelle Chrisment 1
1 MADYNES - Management of dynamic networks and services
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
Abstract : The development of TLS-based encrypted traffic comes with new challenges related to the management and security analysis of encrypted traffic. There is an essential need for new methods to investigate, with a proper level of identification, the increasing number of HTTPS traffic that may hold security breaches. In fact, although many approaches detect the type of an application (Web, P2P, SSH, etc.) running in secure tunnels, and others identify a couple of specific encrypted web pages through website fingerprinting, this paper proposes a robust technique to precisely identify the services run within HTTPS connections, i.e. to name the services, without relying on specific header fields that can be easily altered. We have defined dedicated features for HTTPS traffic that are used as input for a multi-level identification framework based on machine learning algorithms. Our evaluation based on real traffic shows that we can identify encrypted web services with a high accuracy.
Type de document :
Communication dans un congrès
IEEE/IFIP Network Operations and Management Symposium (NOMS 2016), Apr 2016, Istanbul, Turkey. IEEE, p240-248, 2016, 〈http://noms2016.ieee-noms.org/〉. 〈10.1109/NOMS.2016.7502818〉
Liste complète des métadonnées

Littérature citée [29 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01273160
Contributeur : Thibault Cholez <>
Soumis le : samedi 30 avril 2016 - 17:34:13
Dernière modification le : mardi 10 avril 2018 - 10:22:10
Document(s) archivé(s) le : mardi 15 novembre 2016 - 18:35:23

Fichiers

HTTPS_identification_framework...
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Wazen M. Shbair, Thibault Cholez, Jérôme François, Isabelle Chrisment. A Multi-Level Framework to Identify HTTPS Services. IEEE/IFIP Network Operations and Management Symposium (NOMS 2016), Apr 2016, Istanbul, Turkey. IEEE, p240-248, 2016, 〈http://noms2016.ieee-noms.org/〉. 〈10.1109/NOMS.2016.7502818〉. 〈hal-01273160〉

Partager

Métriques

Consultations de la notice

471

Téléchargements de fichiers

615