Accurate TLS Fingerprinting using Destination Context and Knowledge Bases

by   Blake Anderson, et al.

Network fingerprinting is used to identify applications, provide insight into network traffic, and detect malicious activity. With the broad adoption of TLS, traditional fingerprinting techniques that rely on clear-text data are no longer viable. TLS-specific techniques have been introduced that create a fingerprint string from carefully selected data features in the client_hello to facilitate process identification before data is exchanged. Unfortunately, this approach fails in practice because hundreds of processes can map to the same fingerprint string. We solve this problem by presenting a TLS fingerprinting system that makes use of the destination address, port, and server name in addition to a carefully constructed fingerprint string. The destination context is used to disambiguate the set of processes that match a fingerprint string by applying a weighted naive Bayes classifier, resulting in far greater performance.


page 1

page 2

page 3

page 4


A Novel Approach for Partial Fingerprint Identification to Mitigate MasterPrint Generation

Partial fingerprint recognition is a method to recognize an individual w...

DWT Based Fingerprint Recognition using Non Minutiae Features

Forensic applications like criminal investigations, terrorist identifica...

An Overview of Fingerprint-Based Authentication: Liveness Detection and Beyond

In this paper, we provide an overview of fingerprint sensing methods use...

FingerGAN: A Constrained Fingerprint Generation Scheme for Latent Fingerprint Enhancement

Latent fingerprint enhancement is an essential pre-processing step for l...

An Effective Fingerprint Verification Technique

This paper presents an effective method for fingerprint verification bas...

Fixed-length Bit-string Representation of Fingerprint by Normalized Local Structures

In this paper, we propose a method to represent a fingerprint image by a...