
Trends in TLS Fingerprinting for Cyber Threat Intelligence

Roh, Heejun (Department of Cyber Security, Graduate School, Korea University)
  • Reference
1 B. Anderson and D. McGrew, "TLS Beyond the Browser: Combining End Host and Network Data to Understand Application Behavior," in Proceedings of the 2019 ACM Internet Measurement Conference (IMC), October 2019.
2 C. Johnson, L. Badger, D. Waltermire, J. Snyder, and C. Skorupka, Guide to Cyber Threat Information Sharing, NIST Special Publication 800-150, National Institute of Standards and Technology, October 2016.
3 김대건, 백승수, 유동희, "A Study on the Role of National Intelligence Agencies in Sharing Cyber Threat Information to Respond to Cyber Crises," Journal of Digital Convergence, 15(6), pp. 51-59, 2017.
4 K. Thomas, R. Amira, A. Ben-Yoash, O. Folger, A. Hardon, A. Berge, E. Bursztein, and M. Bailey, "The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges," in Proceedings of the 19th International Symposium on Research in Attacks, Intrusions, and Defenses (RAID), September 19-21, 2016.
5 A. Zibak and A. Simpson, "Cyber Threat Information Sharing: Perceived Benefits and Barriers," in Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES), August 2019.
6 김경한, 이슬기, 김병익, 박순태, "A Threat Information Collection System for Generating Actionable OSINT-Based Cyber Threat Intelligence," Review of KIISC, 29(6), December 2019.
7 G. S. Poh, D. M. Divakaran, H. W. Lim, J. Ning, and A. Desai, "A Survey of Privacy-Preserving Techniques for Encrypted Traffic Inspection over Network Middleboxes," arXiv 2101.04338v1, 2021.
8 M. Conti, Q. Q. Li, A. Maragno, and R. Spolaor, "The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis," IEEE Communications Surveys & Tutorials, 20(4), pp. 2658-2713, Fourth Quarter 2018.
9 K. C. Claffy, H.-W. Braun, and G. C. Polyzos, "A Parameterizable Methodology for Internet Traffic Flow Profiling," IEEE Journal of Selected Areas in Communications, 13(8), pp. 1481-1494, October 1995.
10 Fyodor, Remote OS detection via TCP/IP Stack FingerPrinting, October 18, 1998. URL: https://nmap.org/nmap-fingerprinting-article.txt
11 M. Zalewski, p0f - passive os fingerprinting tool, BugTraq mailing list, nmap, June 10, 2000. URL: https://seclists.org/bugtraq/2000/Jun/141
12 R. Barnes, M. Thomson, A. Pironti, and A. Langley, Deprecating Secure Sockets Layer Version 3.0, RFC 8996, IETF, June 2015.
13 T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.2, RFC 5246, IETF, April 2008.
14 K. Moriarty and S. Farrell, Deprecating TLS 1.0 and TLS 1.1, RFC 8996, IETF, March 2021.
15 M. Korczynski and A. Duda, "Markov Chain Fingerprinting to Classify Encrypted Traffic," in Proceedings of the 33rd IEEE International Conference on Computer Communications (INFOCOM), April 2014.
16 Cisco Systems, joy: A Package for Capturing and Analyzing Network Flow Data and Intraflow Data, for Network Research, Forensics, and Security Monitoring, 2016. URL: https://github.com/cisco/joy
17 I. Ristic, HTTP Client Fingerprinting Using SSL Handshake Analysis, 2009. URL: https://www.ssllabs.com/projects/client-fingerprinting/
18 L. Brotherston, TLS Fingerprinting: Smarter Defending & Stealthier Attacking, September 2015. URL: https://blog.squarelemon.com/tls-fingerprinting/
19 J. Althouse, TLS Fingerprinting with JA3 and JA3S, January 2019. URL: https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967
20 B. Anderson and D. McGrew, "Accurate TLS Fingerprinting using Destination Context and Knowledge Bases," arXiv 2009.01939, September 2020.
21 T. Dierks and C. Allen, The TLS Protocol Version 1.0, RFC 2246, IETF, January 1999.
22 T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.1, RFC 4346, IETF, April 2006.
23 R. McMillan, Definition: Threat Intelligence, Gartner Research, May 2013. URL: https://www.gartner.com/doc/2487216/definition-threat-intelligence
24 M. Majkowski, SSL Fingerprinting for p0f, June 2012. URL: https://idea.popcount.org/2012-06-17-ssl-fingerprinting-for-p0f/
25 K. Paine, O. Whitehouse, and J. Sellwood, "Indicators of Compromise (IoCs) and Their Role in Attack Defence," draft-paine-smart-indicators-of-compromise-03, Internet-Draft, July 12, 2021.
26 J. Althouse, Open Sourcing JA3: SSL/TLS Client Fingerprinting for Malware Detection, July 2017. URL: https://engineering.salesforce.com/open-sourcing-ja3-92c9e53c3c41
27 B. Anderson and D. McGrew, "Identifying Encrypted Malware Traffic with Contextual Flow Data," in Proceedings of the 9th ACM Workshop on Artificial Intelligence and Security (AISec) co-located with ACM CCS, October 2016.
28 P. Gao, X. Liu, E. Choi, B. Soman, C. Mishra, K. Farris, and D. Song, "A System for Automated Open-Source Threat Intelligence Gathering and Management," in Proceedings of the 2021 ACM SIGMOD/PODS Conference, June 20-25, 2021.
29 P. Dimou, J. Fajfer, N. Muller, E. Papadogiannaki, E. Rekleitis, and F. Strasak, Encrypted Traffic Analysis: Use Cases & Security Challenges, European Union Agency for Cybersecurity (ENISA), November 2019.
30 R. Beverly, "A Robust Classifier for Passive TCP/IP Fingerprinting," in Proceedings of the 5th International Workshop on Passive and Active Network Measurement (PAM), April 2004.
31 E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.3, RFC 8446, IETF, April 2018.
32 B. Anderson, S. Paul, and D. McGrew, "Deciphering malware's use of TLS (without decryption)," Journal of Computer Virology and Hacking Techniques, 14(3), pp. 195-211, August 2018.
33 V. Paxson, "Bro: System for Detecting Network Intruders in Real-Time," in Proceedings of the 7th USENIX Security Symposium, January 1998.