SFMap: Inferring Services over Encrypted Web Flows Using Dynamical Domain Name Graphs - Traffic Monitoring and Analysis
Conference Papers Year : 2015

Authors: Tatsuya Mori, Takeru Inoue, Akihiro Shimoda, Kazumichi Sato

Abstract

Most modern Internet services are carried over the web. A significant share of web transactions is now encrypted, and the transition to encryption has made it difficult for network operators to understand the traffic mix. The goal of this study is to enable network operators to infer hostnames within HTTPS traffic, because hostname information is useful for understanding the breakdown of encrypted web traffic. The proposed approach correlates HTTPS flows with DNS queries and responses. Although this approach may appear trivial, the recent deployment and implementation of DNS ecosystems have made it a challenging research problem: canonical name tricks used by CDNs, the dynamic and diverse nature of DNS TTL settings, and incomplete measurements due to the existence of various caching mechanisms. To tackle these challenges, we introduce the domain name graph (DNG), a formal expression that characterizes the highly dynamic and diverse nature of DNS mechanisms. Furthermore, we have developed a framework called Service-Flow map (SFMap) that works on top of the DNG. SFMap statistically estimates the hostname of an HTTPS server, given a pair of client and server IP addresses. We evaluate the performance of SFMap through extensive analysis using real packet traces collected from two locations with different scales. We demonstrate that SFMap achieves good estimation accuracy and outperforms a state-of-the-art approach.
Origin: Files produced by the author(s)

Dates and versions

hal-01411189, version 1 (07-12-2016)

Cite

Tatsuya Mori, Takeru Inoue, Akihiro Shimoda, Kazumichi Sato, Keisuke Ishibashi, et al. SFMap: Inferring Services over Encrypted Web Flows Using Dynamical Domain Name Graphs. 7th Workshop on Traffic Monitoring and Analysis (TMA), Apr 2015, Barcelona, Spain. pp.126-139, ⟨10.1007/978-3-319-17172-2_9⟩. ⟨hal-01411189⟩