English

Early Identification of Services in HTTPS Traffic

Cryptography and Security 2020-08-20 v1

Abstract

Traffic monitoring is essential for network management tasks that ensure security and QoS. However, the continuous increase of HTTPS traffic undermines the effectiveness of current service-level monitoring that can only rely on unreliable parameters from the TLS handshake (X.509 certificate, SNI) or must decrypt the traffic. We propose a new machine learning-based method to identify HTTPS services without decryption. By extracting statistical features on TLS handshake packets and on a small number of application data packets, we can identify HTTPS services very early in the session. Extensive experiments performed over a significant and open dataset show that our method offers a good accuracy and a prototype implementation confirms that the early identification of HTTPS services is satisfied.

Keywords

Cite

@article{arxiv.2008.08350,
  title  = {Early Identification of Services in HTTPS Traffic},
  author = {Wazen M. Shbair and Thibault Cholez and Jerome Francois and Isabelle Chrisment},
  journal= {arXiv preprint arXiv:2008.08350},
  year   = {2020}
}
R2 v1 2026-06-23T17:57:32.530Z