Analyzing HtTPS encrypted traffic to identify user's operating system, browser and application

Jonathan Muehlstein; Yehonatan Zion; Maor Bahumi; Itay Kirshenboim; Ran Dubin; Amit Dvir; Ofir Pele

doi:10.1109/CCNC.2017.8013420

Analyzing HtTPS encrypted traffic to identify user's operating system, browser and application

Jonathan Muehlstein, Yehonatan Zion, Maor Bahumi, Itay Kirshenboim, Ran Dubin, Amit Dvir, Ofir Pele

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

48 Scopus citations

Abstract

Desktops and laptops can be maliciously exploited to violate privacy. There are two main types of attack scenarios: active and passive. In this paper, we consider the passive scenario where the adversary does not interact actively with the device, but he is able to eavesdrop on the network traffic of the device from the network side. Most of the internet traffic is encrypted and thus passive attacks are challenging. In this paper, we show that an external attacker can identify the operating system, browser and application of HTTP encrypted traffic (HTTPS). To the best of our knowledge, this is the first work that shows this. We provide a large data set of more than 20000 examples for this task. Additionally, we suggest new features for this task. We run a through a set of experiments, which shows that our classification accuracy is 96.06%.

Original language	English
Title of host publication	2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017
Publisher	Institute of Electrical and Electronics Engineers
ISBN (Electronic)	9781509061969
DOIs	https://doi.org/10.1109/CCNC.2017.8013420
State	Published - 17 Jul 2017
Event	14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017 - Las Vegas, United States Duration: 8 Jan 2017 → 11 Jan 2017

Publication series

Name	2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017
Volume	2017-January

Conference

Conference	14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017
Country/Territory	United States
City	Las Vegas
Period	8/01/17 → 11/01/17

Keywords

Application
Browser
Encrypted traffic
HTTPS
Operating system

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Hardware and Architecture
Communication

Access to Document

10.1109/CCNC.2017.8013420

Cite this

Muehlstein, J., Zion, Y., Bahumi, M., Kirshenboim, I., Dubin, R., Dvir, A., & Pele, O. (2017). Analyzing HtTPS encrypted traffic to identify user's operating system, browser and application. In 2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017 (2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017; Vol. 2017-January). Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/CCNC.2017.8013420

Muehlstein, Jonathan ; Zion, Yehonatan ; Bahumi, Maor et al. / Analyzing HtTPS encrypted traffic to identify user's operating system, browser and application. 2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017. Institute of Electrical and Electronics Engineers, 2017. (2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017).

@inproceedings{a52860e41be447b2a15ed9410802a1a3,

title = "Analyzing HtTPS encrypted traffic to identify user's operating system, browser and application",

abstract = "Desktops and laptops can be maliciously exploited to violate privacy. There are two main types of attack scenarios: active and passive. In this paper, we consider the passive scenario where the adversary does not interact actively with the device, but he is able to eavesdrop on the network traffic of the device from the network side. Most of the internet traffic is encrypted and thus passive attacks are challenging. In this paper, we show that an external attacker can identify the operating system, browser and application of HTTP encrypted traffic (HTTPS). To the best of our knowledge, this is the first work that shows this. We provide a large data set of more than 20000 examples for this task. Additionally, we suggest new features for this task. We run a through a set of experiments, which shows that our classification accuracy is 96.06%.",

keywords = "Application, Browser, Encrypted traffic, HTTPS, Operating system",

author = "Jonathan Muehlstein and Yehonatan Zion and Maor Bahumi and Itay Kirshenboim and Ran Dubin and Amit Dvir and Ofir Pele",

note = "Publisher Copyright: {\textcopyright} 2019 Institute of Electrical and Electronics Engineers Inc.. All rights reserved.; 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017 ; Conference date: 08-01-2017 Through 11-01-2017",

year = "2017",

month = jul,

day = "17",

doi = "10.1109/CCNC.2017.8013420",

language = "English",

series = "2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017",

publisher = "Institute of Electrical and Electronics Engineers",

booktitle = "2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017",

address = "United States",

}

Muehlstein, J, Zion, Y, Bahumi, M, Kirshenboim, I, Dubin, R, Dvir, A & Pele, O 2017, Analyzing HtTPS encrypted traffic to identify user's operating system, browser and application. in 2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017. 2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017, vol. 2017-January, Institute of Electrical and Electronics Engineers, 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017, Las Vegas, United States, 8/01/17. https://doi.org/10.1109/CCNC.2017.8013420

Analyzing HtTPS encrypted traffic to identify user's operating system, browser and application. / Muehlstein, Jonathan; Zion, Yehonatan; Bahumi, Maor et al.
2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017. Institute of Electrical and Electronics Engineers, 2017. (2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017; Vol. 2017-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Analyzing HtTPS encrypted traffic to identify user's operating system, browser and application

AU - Muehlstein, Jonathan

AU - Zion, Yehonatan

AU - Bahumi, Maor

AU - Kirshenboim, Itay

AU - Dubin, Ran

AU - Dvir, Amit

AU - Pele, Ofir

PY - 2017/7/17

Y1 - 2017/7/17

N2 - Desktops and laptops can be maliciously exploited to violate privacy. There are two main types of attack scenarios: active and passive. In this paper, we consider the passive scenario where the adversary does not interact actively with the device, but he is able to eavesdrop on the network traffic of the device from the network side. Most of the internet traffic is encrypted and thus passive attacks are challenging. In this paper, we show that an external attacker can identify the operating system, browser and application of HTTP encrypted traffic (HTTPS). To the best of our knowledge, this is the first work that shows this. We provide a large data set of more than 20000 examples for this task. Additionally, we suggest new features for this task. We run a through a set of experiments, which shows that our classification accuracy is 96.06%.

AB - Desktops and laptops can be maliciously exploited to violate privacy. There are two main types of attack scenarios: active and passive. In this paper, we consider the passive scenario where the adversary does not interact actively with the device, but he is able to eavesdrop on the network traffic of the device from the network side. Most of the internet traffic is encrypted and thus passive attacks are challenging. In this paper, we show that an external attacker can identify the operating system, browser and application of HTTP encrypted traffic (HTTPS). To the best of our knowledge, this is the first work that shows this. We provide a large data set of more than 20000 examples for this task. Additionally, we suggest new features for this task. We run a through a set of experiments, which shows that our classification accuracy is 96.06%.

KW - Application

KW - Browser

KW - Encrypted traffic

KW - HTTPS

KW - Operating system

UR - http://www.scopus.com/inward/record.url?scp=85087199147&partnerID=8YFLogxK

U2 - 10.1109/CCNC.2017.8013420

DO - 10.1109/CCNC.2017.8013420

M3 - Conference contribution

AN - SCOPUS:85087199147

T3 - 2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017

BT - 2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017

PB - Institute of Electrical and Electronics Engineers

T2 - 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017

Y2 - 8 January 2017 through 11 January 2017

ER -

Muehlstein J, Zion Y, Bahumi M, Kirshenboim I, Dubin R, Dvir A et al. Analyzing HtTPS encrypted traffic to identify user's operating system, browser and application. In 2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017. Institute of Electrical and Electronics Engineers. 2017. (2017 14th IEEE Annual Consumer Communications and Networking Conference, CCNC 2017). doi: 10.1109/CCNC.2017.8013420

Analyzing HtTPS encrypted traffic to identify user's operating system, browser and application

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this