Skip to Main content Skip to Navigation
Journal articles

Transparent and Service-Agnostic Monitoring of Encrypted Web Traffic

Abstract : Nowadays, most of Web services are accessed through HTTPS. While preserving user privacy is important, it is also mandatory to monitor and detect specific users' actions, for instance, according to a security policy. This paper presents a solution to monitor HTTP/2 traffic over TLS. It highly differs from HTTP/1.1 over TLS traffic what makes existing monitoring techniques obsolete. Our solution, H2Classifier, aims at detecting if a user performs an action that has been previously defined over a monitored Web service, but without using any decryption. It is thus only based on passive traffic analysis and relies on random forest classifier. A challenge is to extract representative values of the loaded content associated to a Web page, which is actually customized based on the user action. Extensive evaluations with five top used Web services demonstrate the viability of our technique with an accuracy between 94% and 99%.
Document type :
Journal articles
Complete list of metadata

Cited literature [45 references]  Display  Hide  Download

https://hal.inria.fr/hal-02316644
Contributor : Thibault Cholez <>
Submitted on : Thursday, November 7, 2019 - 2:17:34 PM
Last modification on : Monday, November 30, 2020 - 10:26:03 PM
Long-term archiving on: : Saturday, February 8, 2020 - 11:39:47 PM

File

Transparent and Service-Agnost...
Files produced by the author(s)

Identifiers

Collections

Citation

Pierre-Olivier Brissaud, Jérôme François, Isabelle Chrisment, Thibault Cholez, Olivier Bettan. Transparent and Service-Agnostic Monitoring of Encrypted Web Traffic. IEEE Transactions on Network and Service Management, IEEE, 2019, 16 (3), pp.842-856. ⟨10.1109/TNSM.2019.2933155⟩. ⟨hal-02316644v2⟩

Share

Metrics

Record views

266

Files downloads

595