Classification of TLS Applications

Richter, Chris; Finsterbusch, Michael; Müller, Jean-Alexander; Hänßgen, Klaus

Home // ICIMP 2014, The Ninth International Conference on Internet Monitoring and Protection // View article

Authors:
Chris Richter
Michael Finsterbusch
Jean-Alexander Müller
Klaus Hänßgen

Keywords: application classification, TLS, Internet traffic, machine learning

Abstract:
Traffic monitoring, traffic engineering, quality of service applications, network intrusion detection systems, as well as network management systems require the basic knowledge of which traffic is transmitted over a network. The increasing number of applications which are using encryption techniques such as TLS lower the ability to determine the applications that are running within a network. In this paper, we propose a method to detect applications in TLS encrypted connections. Our method uses a hybrid approach which combines protocol decoding to identify TLS traffic and to gather reliable information about the application data. Furthermore, a machine learning algorithm is used to determine the application which is protected by TLS. We describe our approach and compare it with other related methods in theory and prove its advantages on network measurements. The results show a significant improvement on classification Recall and Precision.

Pages: 1 to 6

Copyright: Copyright (c) IARIA, 2014

Publication date: July 20, 2014

Published in: conference

ISSN: 2308-3980

ISBN: 978-1-61208-362-9

Location: Paris, France

Dates: from July 20, 2014 to July 24, 2014