|
|
Detection of Mobile Apps in Network Traffic Using JA3 Fingerprinting
Vavro, Ján ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
In recent years, mobile network communication became more secure. The reason is encapsulation with TLS protocol, that encrypts transmitted data. User security was increased, but on the other hand it limits network monitoring possibilities, because the data are encrypted. This thesis researches possibilities of monitoring mobile applications in network traffic using JA3 and JA3S fingerprints. The aim is to implement tools for automated creation of fingerprints database and consecutive detection.
|
|
|
Identification of Mobile Applications in Encrypted Traffic
Snášel, Daniel ; Burgetová, Ivana (referee) ; Matoušek, Petr (advisor)
The work focuses on the identification of mobile applications in encrypted traffic based on TLS fingerprints. The aim of the work was to create an architecture for obtaining selected attributes from TLS connection handshake, to create TLS fingerprints and their comparison. Emphasis was placed on the accuracy of individual metrics, the quality of selected attributes and on the determination of the threshold T comparison, which was ultimately set at 75 %. A total of ten attributes were selected from the TLS connection handshake, such as IP address, Cipher Suite, Server Name Indication, the size of the first ten packets and more. Accurate, substring and index comparisons were chosen to compare individual attributes. The total similarity of the two TLS fingerprints is then calculated as the weighted sum of the matches of the individual attributes. The resulting architecture allows you to compare TLS application fingerprints from the created dataset with newly created fingerprints from encrypted communication, and thus identify the applications. It also allows manual or automatic learning of new applications from the compared file, or updating of known TLS fingerprints of applications in the dataset.
|
|
|
Mobile Application Monitoring Using TLS Fingerprints
Kočí, Jan ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
The main purpose of this thesis is to study the possibility of using TLS fingerprints for mobile application monitoring and apply these methods to monitor network flows created by the Flowmon probe. To create the fingerprints the JA3 and JA3S methods are used. Apart from the TLS fingerprints, the implemented classifier uses SNI values to classify input flows. First, a dataset containing fingerprints of selected applications is created. This dataset is used together with the implemented classifier to classify input flows. Following is a description of the proposed classification methods and the implemented classifier. The classifier is evaluated using the Accuracy, Precision and Recall evaluation metrics. Finally, the classifier is used in several experiments that demonstrate its possible applications.
|
|
|
Identification of Mobile Applications in Encrypted Traffic
Snášel, Daniel ; Burgetová, Ivana (referee) ; Matoušek, Petr (advisor)
The work focuses on the identification of mobile applications in encrypted traffic based on TLS fingerprints. The aim of the work was to create an architecture for obtaining selected attributes from TLS connection handshake, to create TLS fingerprints and their comparison. Emphasis was placed on the accuracy of individual metrics, the quality of selected attributes and on the determination of the threshold T comparison, which was ultimately set at 75 %. A total of ten attributes were selected from the TLS connection handshake, such as IP address, Cipher Suite, Server Name Indication, the size of the first ten packets and more. Accurate, substring and index comparisons were chosen to compare individual attributes. The total similarity of the two TLS fingerprints is then calculated as the weighted sum of the matches of the individual attributes. The resulting architecture allows you to compare TLS application fingerprints from the created dataset with newly created fingerprints from encrypted communication, and thus identify the applications. It also allows manual or automatic learning of new applications from the compared file, or updating of known TLS fingerprints of applications in the dataset.
|
|
|
Mobile Application Monitoring Using TLS Fingerprints
Kočí, Jan ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
The main purpose of this thesis is to study the possibility of using TLS fingerprints for mobile application monitoring and apply these methods to monitor network flows created by the Flowmon probe. To create the fingerprints the JA3 and JA3S methods are used. Apart from the TLS fingerprints, the implemented classifier uses SNI values to classify input flows. First, a dataset containing fingerprints of selected applications is created. This dataset is used together with the implemented classifier to classify input flows. Following is a description of the proposed classification methods and the implemented classifier. The classifier is evaluated using the Accuracy, Precision and Recall evaluation metrics. Finally, the classifier is used in several experiments that demonstrate its possible applications.
|
|
|
Detection of Mobile Apps in Network Traffic Using JA3 Fingerprinting
Vavro, Ján ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
In recent years, mobile network communication became more secure. The reason is encapsulation with TLS protocol, that encrypts transmitted data. User security was increased, but on the other hand it limits network monitoring possibilities, because the data are encrypted. This thesis researches possibilities of monitoring mobile applications in network traffic using JA3 and JA3S fingerprints. The aim is to implement tools for automated creation of fingerprints database and consecutive detection.
|
guest ::
