SFMap: Inferring services over encrypted web flows using dynamical domain name graphs

Tatsuya Mori, Takeru Inoue, Akihiro Shimoda, Kazumichi Sato, Keisuke Ishibashi, Shigeki Goto

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    12 Citations (Scopus)

    Abstract

    Most modern Internet services are carried over the web. A significant amount of web transactions is now encrypted and the transition to encryption has made it difficult for network operators to understand traffic mix. The goal of this study is to enable network operators to infer hostnames within HTTPS traffic because hostname information is useful to understand the breakdown of encrypted web traffic. The proposed approach correlates HTTPS flows and DNS queries/responses. Although this approach may appear trivial, recent deployment and implementation of DNS ecosystems have made it a challenging research problem; i.e., canonical name tricks used by CDNs, the dynamic and diverse nature of DNS TTL settings, and incomplete measurements due to the existence of various caching mechanisms. To tackle these challenges, we introduce domain name graph (DNG), which is a formal expression that characterizes the highly dynamic and diverse nature of DNS mechanisms. Furthermore, we have developed a framework called Service-Flow map (SFMap) that works on top of the DNG. SFMap statistically estimates the hostname of an HTTPS server, given a pair of client and server IP addresses. We evaluate the performance of SFMap through extensive analysis using real packet traces collected from two locations with different scales. We demonstrate that SFMap establishes good estimation accuracies and outperforms a state-of-the-art approach.

    Original language: English
    Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Publisher: Springer Verlag
    Pages: 126-139
    Number of pages: 14
    Volume: 9053
    ISBN (Print): 9783319171715
    DOIs: https://doi.org/10.1007/978-3-319-17172-2_9
    Publication status: Published - 2015
    Event: 7th International Workshop on Traffic Monitoring and Analysis, TMA 2015 - Barcelona, Spain
    Duration: 2015 Apr 21 to 2015 Apr 24

    Publication series

    Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume: 9053
    ISSN (Print): 03029743
    ISSN (Electronic): 16113349

    Other

    Other: 7th International Workshop on Traffic Monitoring and Analysis, TMA 2015
    Country: Spain
    City: Barcelona
    Period: 15/4/21 to 15/4/24

    ASJC Scopus subject areas

    • Computer Science(all)
    • Theoretical Computer Science

    Cite this

    Mori, T., Inoue, T., Shimoda, A., Sato, K., Ishibashi, K., & Goto, S. (2015). SFMap: Inferring services over encrypted web flows using dynamical domain name graphs. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9053, pp. 126-139). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9053). Springer Verlag. https://doi.org/10.1007/978-3-319-17172-2_9