Early Identification of Services in HTTPS Traffic
Abstract
Traffic monitoring is essential for network management tasks that ensure security and QoS. However, the continuous increase of HTTPS traffic undermines the effectiveness of current service-level monitoring that can only rely on unreliable parameters from the TLS handshake (X.509 certificate, SNI) or must decrypt the traffic. We propose a new machine learning-based method to identify HTTPS services without decryption. By extracting statistical features on TLS handshake packets and on a small number of application data packets, we can identify HTTPS services very early in the session. Extensive experiments performed over a significant and open dataset show that our method offers a good accuracy and a prototype implementation confirms that the early identification of HTTPS services is satisfied.
Keywords
Cite
@article{arxiv.2008.08350,
title = {Early Identification of Services in HTTPS Traffic},
author = {Wazen M. Shbair and Thibault Cholez and Jerome Francois and Isabelle Chrisment},
journal= {arXiv preprint arXiv:2008.08350},
year = {2020}
}