AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
PDF (5.5 MB)
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

DTA-HOC: Online HTTPS Traffic Service Identification Using DNS in Large-Scale Networks

Xuemei ZengXingshu Chen( )Guolin ShaoTao HeLina Wang
Cybersecurity Research Institute, Sichuan University, Chengdu 610065, China.
College of Cybersecurity, Sichuan University, Chengdu 610065, China.
College of Computer Science, Sichuan University, Chengdu 610065, China.
Show Author Information

Abstract

An increasing number of websites are making use of HTTPS encryption to enhance security and privacy for their users. However, HTTPS encryption makes it very difficult to identify the service over HTTPS flows, which poses challenges to network security management. In this paper we present DTA-HOC, a novel DNS-based two-level association HTTPS traffic online service identification method for large-scale networks, which correlates HTTPS flows with DNS flows using big data stream processing and association technologies to label the service in an HTTPS flow with a specific associated domain name. DTA-HOC has been specifically designed to address three practical challenges in the service identification process: domain name ambiguity, domain name query invisibility, and data association time window size contradictions. Several experiments on datasets collected from a 10-Gbps campus network are conducted alongside offline and online testing. Results show that DTA-HOC can achieve an average online association rate on HTTPS traffic of 83% and a generic accuracy of 86.16%. Its processing time for one minute of data is less than 20 seconds. These results indicate that DTA-HOC is an efficient method for online identification of services in HTTPS flows for large-scale networks. Moreover, our proposed method can contribute to the identification of other applications which make a Domain Name System (DNS) communication before establishing a connection.

References

【1】
【1】
 
 
Tsinghua Science and Technology
Pages 239-254

{{item.num}}

Comments on this article

Go to comment

< Back to all reports

Review Status: {{reviewData.commendedNum}} Commended , {{reviewData.revisionRequiredNum}} Revision Required , {{reviewData.notCommendedNum}} Not Commended Under Peer Review

Review Comment

Close
Close
Cite this article:
Zeng X, Chen X, Shao G, et al. DTA-HOC: Online HTTPS Traffic Service Identification Using DNS in Large-Scale Networks. Tsinghua Science and Technology, 2020, 25(2): 239-254. https://doi.org/10.26599/TST.2019.9010008

1114

Views

76

Downloads

2

Crossref

N/A

Web of Science

4

Scopus

1

CSCD

Received: 07 October 2018
Revised: 28 January 2019
Accepted: 04 March 2019
Published: 02 September 2019
© The author(s) 2020

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).