Early Identification of Services in HTTPS Traffic

by   Wazen M. Shbair, et al.

Traffic monitoring is essential for network management tasks that ensure security and QoS. However, the continuous increase of HTTPS traffic undermines the effectiveness of current service-level monitoring that can only rely on unreliable parameters from the TLS handshake (X.509 certificate, SNI) or must decrypt the traffic. We propose a new machine learning-based method to identify HTTPS services without decryption. By extracting statistical features on TLS handshake packets and on a small number of application data packets, we can identify HTTPS services very early in the session. Extensive experiments performed over a significant and open dataset show that our method offers a good accuracy and a prototype implementation confirms that the early identification of HTTPS services is satisfied.


A Survey of HTTPS Traffic and Services Identification Approaches

HTTPS is quickly rising alongside the need of Internet users to benefit ...

Evaluating Snowflake as an Indistinguishable Censorship Circumvention Tool

Tor is the most well-known tool for circumventing censorship. Unfortunat...

Distributed Function Chaining with Anycast Routing

Current networks more and more rely on virtualized middleboxes to flexib...

Judicious QoS using Cloud Overlays

We revisit the long-standing problem of providing network QoS to applica...

FairNet: A Measurement Framework for Traffic Discrimination Detection on the Internet

Network neutrality is related to the non-discriminatory treatment of pac...

Deep Transfer Learning for Identifications of Slope Surface Cracks

Geohazards such as landslides have caused great losses to the safety of ...

Tracemax: A Novel Single Packet IP Traceback Strategy for Data-Flow Analysis

The identification of the exact path that packets are routed on in the n...