National Repository of Grey Literature. Found 3 records. Search took 0.01 seconds.
Fingerprinting and Identification of TLS Connections
Hejcman, Lukáš ; Kocnová, Jitka (reviewer) ; Kekely, Lukáš (thesis supervisor)
TLS is the most popular encryption protocol used on the internet today. It aims to provide high levels of security and privacy for inter-device communication. However, it presents a challenge from a network monitoring and administration standpoint, as it is not possible to analyse the communication encrypted with TLS at a large scale with existing methods based on deep packet inspection. Analysing encrypted communication can help administrators to detect malicious activity on their networks, and can help them identify potential security threats. In this work, I present a method that allows us to leverage the advantages of two TLS fingerprinting methods, JA3 and Cisco Mercury, to determine the operating system and processes of clients on a computer network. The proposed method is able to achieve comparable or better results than the existing Mercury approach for selected datasets whilst providing more analysis opportunities than JA3. A software implementation of the proposed fingerprinting approach is created as an analysis module for the NEMEA framework.
Collaborative Machine Learning in the Context of Network Security
Hejcman, Lukáš ; Uhříček, Daniel (reviewer) ; Žádník, Martin (thesis supervisor)
Machine learning methods have long been applied to the areas of network monitoring and security due to their ability to analyze and classify data at a rapid rate. However, the advancement in computer network speeds and throughput makes creating and managing datasets in a distributed setting more difficult due to their size. Furthermore, sharing such datasets containing captured network traffic of the network’s users presents a grave privacy concern. Thus, methods of collaborative machine learning are being explored in this domain. However, the existing solutions to implementing collaborative machine learning are either proof-of-concept tools or production frameworks, and very little focus is given to bridging this gap. This thesis presents a new framework for collaborative machine learning called FERDINAND, which bridges this gap by focusing on on-the-fly model updates, extensibility, and easy configuration. This framework was developed in close cooperation with the CESNET research team focusing on network monitoring and security, and is implemented to be a viable production-grade tool that can be deployed on the backend infrastructure of CESNET. This work further explores the viability of using the FERDINAND framework within the context of network monitoring by applying it to state-of-the-art methods for the detection of malicious devices or the classification of DNS over HTTPS traffic. Lastly, future development directions for the framework are explored.
Fingerprinting and Identification of TLS Connections
Hejcman, Lukáš ; Kocnová, Jitka (reviewer) ; Kekely, Lukáš (thesis supervisor)
TLS is the most popular encryption protocol used on the internet today. It aims to provide high levels of security and privacy for inter-device communication. However, it presents a challenge from a network monitoring and administration standpoint, as it is not possible to analyse the communication encrypted with TLS at a large scale with existing methods based on deep packet inspection. Analysing encrypted communication can help administrators to detect malicious activity on their networks, and can help them identify potential security threats. In this work, I present a method that allows us to leverage the advantages of two TLS fingerprinting methods, JA3 and Cisco Mercury, to determine the operating system and processes of clients on a computer network. The proposed method is able to achieve comparable or better results than the existing Mercury approach for selected datasets whilst providing more analysis opportunities than JA3. A software implementation of the proposed fingerprinting approach is created as an analysis module for the NEMEA framework.
