-
Early Identification of Services in HTTPS Traffic
Authors:
Wazen M. Shbair,
Thibault Cholez,
Jerome Francois,
Isabelle Chrisment
Abstract:
Traffic monitoring is essential for network management tasks that ensure security and QoS. However, the continuous increase of HTTPS traffic undermines the effectiveness of current service-level monitoring that can only rely on unreliable parameters from the TLS handshake (X.509 certificate, SNI) or must decrypt the traffic. We propose a new machine learning-based method to identify HTTPS services…
▽ More
Traffic monitoring is essential for network management tasks that ensure security and QoS. However, the continuous increase of HTTPS traffic undermines the effectiveness of current service-level monitoring that can only rely on unreliable parameters from the TLS handshake (X.509 certificate, SNI) or must decrypt the traffic. We propose a new machine learning-based method to identify HTTPS services without decryption. By extracting statistical features on TLS handshake packets and on a small number of application data packets, we can identify HTTPS services very early in the session. Extensive experiments performed over a significant and open dataset show that our method offers a good accuracy and a prototype implementation confirms that the early identification of HTTPS services is satisfied.
△ Less
Submitted 19 August, 2020;
originally announced August 2020.
-
A Survey of HTTPS Traffic and Services Identification Approaches
Authors:
Wazen M. Shbair,
Thibault Cholez,
Jerome Francois,
Isabelle Chrisment
Abstract:
HTTPS is quickly rising alongside the need of Internet users to benefit from security and privacy when accessing the Web, and it becomes the predominant application protocol on the Internet. This migration towards a secure Web using HTTPS comes with important challenges related to the management of HTTPS traffic to guarantee basic network properties such as security, QoS, reliability, etc. But enc…
▽ More
HTTPS is quickly rising alongside the need of Internet users to benefit from security and privacy when accessing the Web, and it becomes the predominant application protocol on the Internet. This migration towards a secure Web using HTTPS comes with important challenges related to the management of HTTPS traffic to guarantee basic network properties such as security, QoS, reliability, etc. But encryption undermines the effectiveness of standard monitoring techniques and makes it difficult for ISPs and network administrators to properly identify and manage the services behind HTTPS traffic. This survey details the techniques used to monitor HTTPS traffic, from the most basic level of protocol identification (TLS, HTTPS), to the finest identification of precise services. We show that protocol identification is well mastered while more precise levels keep being challenging despite recent advances. We also describe practical solutions that lead us to discuss the trade-off between security and privacy and the research directions to guarantee both of them.
△ Less
Submitted 19 August, 2020;
originally announced August 2020.
-
Comparing paedophile activity in different P2P systems
Authors:
Raphaël Fournier,
Thibault Cholez,
Matthieu Latapy,
Clémence Magnien,
Isabelle Chrisment,
Ivan Daniloff,
Olivier Festor
Abstract:
Peer-to-peer (P2P) systems are widely used to exchange content over the Internet. Knowledge on paedophile activity in such networks remains limited while it has important social consequences. Moreover, though there are different P2P systems in use, previous academic works on this topic focused on one system at a time and their results are not directly comparable.
We design a methodology for comp…
▽ More
Peer-to-peer (P2P) systems are widely used to exchange content over the Internet. Knowledge on paedophile activity in such networks remains limited while it has important social consequences. Moreover, though there are different P2P systems in use, previous academic works on this topic focused on one system at a time and their results are not directly comparable.
We design a methodology for comparing \kad and \edonkey, two P2P systems among the most prominent ones and with different anonymity levels. We monitor two \edonkey servers and the \kad network during several days and record hundreds of thousands of keyword-based queries. We detect paedophile-related queries with a previously validated tool and we propose, for the first time, a large-scale comparison of paedophile activity in two different P2P systems. We conclude that there are significantly fewer paedophile queries in \kad than in \edonkey (approximately 0.09% \vs 0.25%).
△ Less
Submitted 19 June, 2012;
originally announced June 2012.
