|
|
Identification of Mobile Applications in Encrypted Traffic
Snášel, Daniel ; Burgetová, Ivana (referee) ; Matoušek, Petr (advisor)
The work focuses on the identification of mobile applications in encrypted traffic based on TLS fingerprints. The aim of the work was to create an architecture for obtaining selected attributes from TLS connection handshake, to create TLS fingerprints and their comparison. Emphasis was placed on the accuracy of individual metrics, the quality of selected attributes and on the determination of the threshold T comparison, which was ultimately set at 75 %. A total of ten attributes were selected from the TLS connection handshake, such as IP address, Cipher Suite, Server Name Indication, the size of the first ten packets and more. Accurate, substring and index comparisons were chosen to compare individual attributes. The total similarity of the two TLS fingerprints is then calculated as the weighted sum of the matches of the individual attributes. The resulting architecture allows you to compare TLS application fingerprints from the created dataset with newly created fingerprints from encrypted communication, and thus identify the applications. It also allows manual or automatic learning of new applications from the compared file, or updating of known TLS fingerprints of applications in the dataset.
|
|
|
Detection of Mobile Applications Using Traffic Profiling
Babic, Radovan ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This bachelor thesis deals with JA3 and JA3S methods of digital profiling of mobile applications based on TLS handshake between client and server. The thesis describes the used method of emulation of mobile devices using the Android operating system, installation of applications, generation and capture of traffic needed to create a database of profiles. Furthermore, the work describes the method that I implemented in the tool for automated creation of a database of digital profiles of applications and their subsequent classification and recognition using data obtained from internet traffic in the network.
|
|
|
Mobile Application Identification Based on TLS Data
Borbély, Richard ; Matoušek, Petr (referee) ; Burgetová, Ivana (advisor)
This thesis deals with identification of mobile applications based on data from network protocol TLS. It conducts a research of values from the TLS handshake, specifically of JA3, JA3S and SNI values. The work represents an application that includes an algorithm performing a classification over TLS data. The results of the classification represent information based on which we can decide, if the identification of the apps was successful. This method allowed to identify 17 of the 18 given applications. The benefit of this work is the ability to identify mobile apps based on JA3, JA3S and SNI values and for example, it can be used in network administration.
|
|
|
Identification of Mobile Applications in Encrypted Traffic
Snášel, Daniel ; Burgetová, Ivana (referee) ; Matoušek, Petr (advisor)
The work focuses on the identification of mobile applications in encrypted traffic based on TLS fingerprints. The aim of the work was to create an architecture for obtaining selected attributes from TLS connection handshake, to create TLS fingerprints and their comparison. Emphasis was placed on the accuracy of individual metrics, the quality of selected attributes and on the determination of the threshold T comparison, which was ultimately set at 75 %. A total of ten attributes were selected from the TLS connection handshake, such as IP address, Cipher Suite, Server Name Indication, the size of the first ten packets and more. Accurate, substring and index comparisons were chosen to compare individual attributes. The total similarity of the two TLS fingerprints is then calculated as the weighted sum of the matches of the individual attributes. The resulting architecture allows you to compare TLS application fingerprints from the created dataset with newly created fingerprints from encrypted communication, and thus identify the applications. It also allows manual or automatic learning of new applications from the compared file, or updating of known TLS fingerprints of applications in the dataset.
|
|
|
Detection of Mobile Applications Using Traffic Profiling
Babic, Radovan ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This bachelor thesis deals with JA3 and JA3S methods of digital profiling of mobile applications based on TLS handshake between client and server. The thesis describes the used method of emulation of mobile devices using the Android operating system, installation of applications, generation and capture of traffic needed to create a database of profiles. Furthermore, the work describes the method that I implemented in the tool for automated creation of a database of digital profiles of applications and their subsequent classification and recognition using data obtained from internet traffic in the network.
|
|
|
Mobile Application Identification Based on TLS Data
Borbély, Richard ; Matoušek, Petr (referee) ; Burgetová, Ivana (advisor)
This thesis deals with identification of mobile applications based on data from network protocol TLS. It conducts a research of values from the TLS handshake, specifically of JA3, JA3S and SNI values. The work represents an application that includes an algorithm performing a classification over TLS data. The results of the classification represent information based on which we can decide, if the identification of the apps was successful. This method allowed to identify 17 of the 18 given applications. The benefit of this work is the ability to identify mobile apps based on JA3, JA3S and SNI values and for example, it can be used in network administration.
|
guest ::
