Service Identification Method for Encrypted Traffic Based on SSL/TLS
Kim, Sung-Min; Park, Jun-Sang; Yoon, Sung-Ho; Kim, Jong-Hyun; Choi, Sun-Oh; Kim, Myung-Sup;
SSL/TLS, one of the most popular encryption protocols, was developed as a solution to various network security problems as network traffic became complex and diverse. However, SSL/TLS traffic has so far been identified only by its protocol name, not by the service using it, although service-level identification is required for effective network traffic management. This paper proposes a new method that automatically generates service signatures from SSL/TLS payload data and classifies network traffic according to application service. For the service signatures, we use the certificate publication information field in the certificate exchange record of SSL/TLS traffic, which appears when SSL/TLS performs its handshake before encrypted transmission begins. We show the performance and feasibility of the proposed method with experimental results in which it classifies about 95% of SSL/TLS traffic with 95% accuracy for every SSL/TLS service.
Keywords: SSL/TLS; Payload Signature; Handshake; Certificate; Traffic Classification