| HAL-Inria | Publications, software ... of Inria's scientists |
Journal articles
Transparent and Service-Agnostic Monitoring of Encrypted Web Traffic
Abstract : Nowadays, most of Web services are accessed through HTTPS. While preserving user privacy is important, it is also mandatory to monitor and detect specific users' actions, for instance, according to a security policy. This paper presents a solution to monitor HTTP/2 traffic over TLS. It highly differs from HTTP/1.1 over TLS traffic what makes existing monitoring techniques obsolete. Our solution, H2Classifier, aims at detecting if a user performs an action that has been previously defined over a monitored Web service, but without using any decryption. It is thus only based on passive traffic analysis and relies on random forest classifier. A challenge is to extract representative values of the loaded content associated to a Web page, which is actually customized based on the user action. Extensive evaluations with five top used Web services demonstrate the viability of our technique with an accuracy between 94% and 99%.
Cited literature [45 references]
https://hal.inria.fr/hal-02316644
Contributor : Thibault Cholez <>
Submitted on : Thursday, November 7, 2019 - 2:17:34 PM
Last modification on : Monday, November 30, 2020 - 10:26:03 PM
Long-term archiving on: : Saturday, February 8, 2020 - 11:39:47 PM
Contributor : Thibault Cholez <>
Submitted on : Thursday, November 7, 2019 - 2:17:34 PM
Last modification on : Monday, November 30, 2020 - 10:26:03 PM
Long-term archiving on: : Saturday, February 8, 2020 - 11:39:47 PM
File
Transparent and Service-Agnost...
Files produced by the author(s)