Další formáty:
BibTeX
LaTeX
RIS
@article{1321931, author = {Husák, Martin and Čermák, Milan and Jirsík, Tomáš and Čeleda, Pavel}, article_number = {1}, doi = {http://dx.doi.org/10.1186/s13635-016-0030-7}, keywords = {Network monitoring;HTTPS;User-Agent;SSL;TLS;Fingerprinting}, language = {eng}, issn = {2510-523X}, journal = {EURASIP Journal on Information Security}, title = {HTTPS Traffic Analysis and Client Identification Using Passive SSL/TLS Fingerprinting}, url = {https://link.springer.com/article/10.1186/s13635-016-0030-7}, volume = {2016}, year = {2016} }
TY - JOUR ID - 1321931 AU - Husák, Martin - Čermák, Milan - Jirsík, Tomáš - Čeleda, Pavel PY - 2016 TI - HTTPS Traffic Analysis and Client Identification Using Passive SSL/TLS Fingerprinting JF - EURASIP Journal on Information Security VL - 2016 IS - 1 SP - 1-14 EP - 1-14 SN - 2510523X KW - Network monitoring;HTTPS;User-Agent;SSL;TLS;Fingerprinting UR - https://link.springer.com/article/10.1186/s13635-016-0030-7 L2 - https://link.springer.com/article/10.1186/s13635-016-0030-7 N2 - The encryption of network traffic complicates legitimate network monitoring, traffic analysis, and network forensics. In this paper, we present real-time lightweight identification of HTTPS clients based on network monitoring and SSL/TLS fingerprinting. Our experiment shows that it is possible to estimate the User-Agent of a client in HTTPS communication via the analysis of the SSL/TLS handshake. The fingerprints of SSL/TLS handshakes, including a list of supported cipher suites, differ among clients and correlate to User-Agent values from a HTTP header. We built up a dictionary of SSL/TLS cipher suite lists and HTTP User-Agents and assigned the User-Agents to the observed SSL/TLS connections to identify communicating clients. The dictionary was used to classify live HTTPS network traffic. We were able to retrieve client types from 95.4 % of HTTPS network traffic. Further, we discussed host-based and network-based methods of dictionary retrieval and estimated the quality of the data. ER -
HUSÁK, Martin, Milan ČERMÁK, Tomáš JIRSÍK a Pavel ČELEDA. HTTPS Traffic Analysis and Client Identification Using Passive SSL/TLS Fingerprinting. \textit{EURASIP Journal on Information Security}. 2016, roč.~2016, č.~1, s.~1-14. ISSN~2510-523X. Dostupné z: https://dx.doi.org/10.1186/s13635-016-0030-7.
|