Result detail

Towards Identification of Network Applications in Encrypted Traffic

BURGETOVÁ, I.; MATOUŠEK, P.; RYŠAVÝ, O. Towards Identification of Network Applications in Encrypted Traffic. The Proceedings of the 8th Cyber Security in Networking Conference (CSNet 2024). IEEE Explore. Paris: IEEE Communications Society, 2024. p. 213-221. ISBN: 979-8-3315-3410-3.
Type
conference proceedings paper
Language
English
Abstract

Network traffic monitoring for security threat detection and network performance
management is challenging because most communications are protected by
encryption. This paper addresses the problem of identifying applications
associated with Transport Layer Security (TLS) network connections. We evaluate
three primary approaches to classifying TLS traffic: fingerprinting methods,
SNI-based identification, and machine learning based classifiers. Each method has
strengths and limitations: fingerprinting relies on a regularly updated database
of known hashes, SNI is vulnerable to obfuscation or missing information, and an
AI technique such as machine learning requires sufficient labelled training data.
To support research in this area, we have also created a novel dataset of
labelled TLS communications for popular desktop and mobile applications. The
comparison of these methods that we present highlights the challenges of
identifying individual applications, as TLS properties are significantly shared
across applications. The simpler task of identifying a collection of candidate
applications still provides valuable insights for network monitoring and can be
achieved with high accuracy by all methods considered. Finally, we suggest
practical use cases and identify future research directions to further improve
application identification methods.

Keywords

TLS fingerprinting, JA4, encrypted traffic, application identification, machine
learning

Year
2024
Pages
213–221
Proceedings
The Proceedings of the 8th Cyber Security in Networking Conference (CSNet 2024)
Series
IEEE Explore
Volume
8
Conference
8th Cyber Security in Networking Conference 2024
ISBN
979-8-3315-3410-3
Publisher
IEEE Communications Society
Place
Paris
BibTeX
@inproceedings{BUT193364,
  author="Ivana {Burgetová} and Petr {Matoušek} and Ondřej {Ryšavý}",
  title="Towards Identification of Network Applications in Encrypted Traffic",
  booktitle="The Proceedings of the 8th Cyber Security in Networking Conference (CSNet 2024)",
  year="2024",
  series="IEEE Explore",
  volume="8",
  pages="213--221",
  publisher="IEEE Communications Society",
  address="Paris",
  doi="10.1109/CSNet64211.2024",
  isbn="979-8-3315-3410-3",
  url="https://www.fit.vut.cz/research/publication/13289/"
}
Projects
Analysis of encrypted traffic using network flows, MV, Strategic Support for the Development of Security Research in the Czech Republic 2019–2025 (IMPAKT 1), Subprogramme 1 Joint Research Projects (BV IMP1/2VS), VJ02010024, start: 2022-01-01, end: 2025-06-30, completed
Smart information technologies for a resilient society, VUT, VUT internal projects, FIT-S-23-8209, start: 2023-03-01, end: 2026-02-28, in progress