Early Identification of Services in HTTPS Traffic
Wazen M. Shbair, Thibault Cholez, Jerome Francois, Isabelle Chrisment

TL;DR
This paper introduces a machine learning approach to identify HTTPS services early in sessions without decrypting traffic, enhancing network monitoring for security and QoS.
Contribution
It presents a novel method that uses statistical features from TLS handshake packets and a small number of application data packets to accurately identify HTTPS services early in the session, without decryption.
Findings
High accuracy in service identification
Effective early detection in TLS handshake
Prototype confirms practical viability
Abstract
Traffic monitoring is essential for network management tasks that ensure security and QoS. However, the continuous increase of HTTPS traffic undermines the effectiveness of current service-level monitoring that can only rely on unreliable parameters from the TLS handshake (X.509 certificate, SNI) or must decrypt the traffic. We propose a new machine learning-based method to identify HTTPS services without decryption. By extracting statistical features on TLS handshake packets and on a small number of application data packets, we can identify HTTPS services very early in the session. Extensive experiments performed over a significant and open dataset show that our method offers good accuracy, and a prototype implementation confirms that the early identification of HTTPS services is satisfied.
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
