http://dx.doi.org/10.7840/kics.2015.40.11.2160

Service Identification Method for Encrypted Traffic Based on SSL/TLS  

Kim, Sung-Min (Dept. of Computer and Information Science, Korea University)
Park, Jun-Sang (Dept. of Computer and Information Science, Korea University)
Yoon, Sung-Ho (Dept. of Computer and Information Science, Korea University)
Kim, Jong-Hyun (Network Security Research Section, Cyber Security Research Laboratory, ETRI)
Choi, Sun-Oh (Network Security Research Section, Cyber Security Research Laboratory, ETRI)
Kim, Myung-Sup (Dept. of Computer and Information Science, Korea University)
Abstract
SSL/TLS, one of the most popular encryption protocols, was developed as a solution to various network security problems as network traffic became complex and diverse. However, SSL/TLS traffic has been identified only by its protocol name, not by the service that uses it, and the latter is what effective network traffic management requires. This paper proposes a new method that automatically generates service signatures from SSL/TLS payload data and classifies network traffic according to application service. For the service signatures, we use the certificate publication information field in the certificate exchange record of SSL/TLS traffic, which occurs when SSL/TLS performs the handshake before encrypted transmission. We proved the performance and feasibility of the proposed method through experimental results that classify about 95% of SSL/TLS traffic with 95% accuracy for every SSL/TLS service.
Keywords
SSL/TLS; Payload Signature; Handshake; Certificate; Traffic Classification;
Citations & Related Records
Times Cited By KSCI: 4