Publication detail
Towards Identification of Network Applications in Encrypted Traffic
BURGETOVÁ, I. MATOUŠEK, P. RYŠAVÝ, O.
Original Title
Towards Identification of Network Applications in Encrypted Traffic
Type
article in a collection out of WoS and Scopus
Language
English
Original Abstract
Network traffic monitoring for security threat detection and network performance management is challenging because most communications are protected by encryption. This paper addresses the problem of identifying applications associated with Transport Layer Security (TLS) network connections. We evaluate three primary approaches to classifying TLS traffic: fingerprinting methods, SNI-based identification, and machine learning based classifiers. Each method has strengths and limitations: fingerprinting relies on a regularly updated database of known hashes, SNI is vulnerable to obfuscation or missing information, and an AI technique such as machine learning requires sufficient labelled training data. To support research in this area, we have also created a novel dataset of labelled TLS communications for popular desktop and mobile applications. The comparison of these methods that we present highlights the challenges of identifying individual applications, as TLS properties are significantly shared across applications. The simpler task of identifying a collection of candidate applications still provides valuable insights for network monitoring and can be achieved with high accuracy by all methods considered. Finally, we suggest practical use cases and identify future research directions to further improve application identification methods.
Keywords
TLS fingerprinting, JA4, encrypted traffic, application identification, machine learning
Authors
BURGETOVÁ, I.; MATOUŠEK, P.; RYŠAVÝ, O.
Released
4. 12. 2024
Publisher
IEEE Communications Society
Location
Paris
ISBN
979-8-3315-3410-3
Book
The Proceedings of the 8th Cyber Security in Networking Conference (CSNet 2024)
Edition
IEEE Explore
Pages from
213
Pages to
221
Pages count
9
BibTex
@inproceedings{BUT193364,
author="Ivana {Burgetová} and Petr {Matoušek} and Ondřej {Ryšavý}",
title="Towards Identification of Network Applications in Encrypted Traffic",
booktitle="The Proceedings of the 8th Cyber Security in Networking Conference (CSNet 2024)",
year="2024",
series="IEEE Explore",
volume="8",
pages="213--221",
publisher="IEEE Communications Society",
address="Paris",
doi="10.1109/CSNet64211.2024",
isbn="979-8-3315-3410-3",
url="https://www.fit.vut.cz/research/publication/13289/"
}
Responsibility: Ing. Marek Strakoš