DTA-HOC: Online HTTPS Traffic Service Identification Using DNS in Large-Scale Networks
Author affiliations: Cybersecurity Research Institute, Sichuan University, Chengdu 610065, China; College of Cybersecurity, Sichuan University, Chengdu 610065, China; College of Computer Science, Sichuan University, Chengdu 610065, China
Publication: Tsinghua Science and Technology (Journal of Tsinghua University, Natural Science Edition, English Edition)
Year, volume, issue: 2020, Vol. 25, No. 2
Pages: 239-254
Core indexing:
Subject classification: 08 [Engineering]; 0812 [Engineering: Computer Science and Technology (engineering or science degrees may be conferred)]
Funding: funded by the National Natural Science Foundation of China (No. 61802270), National Entrepreneurship & Innovation Demonstration Base of China (No. C700011), Key Research & Development Project of Sichuan Province of China (No. 2018GZ0100), and Fundamental Research Business Fee Basic Research Project of Central Universities (No. 2017SCU11065)
Subjects: HTTPS; Domain Name System (DNS); service identification; big data; flow association
Abstract: An increasing number of websites are making use of HTTPS encryption to enhance security and privacy for their ***, HTTPS encryption makes it very difficult to identify the service over HTTPS flows, which poses challenges to network security *** this paper we present DTA-HOC, a novel DNS-based two-level association HTTPS traffic online service identification method for large-scale networks, which correlates HTTPS flows with DNS flows using big data stream processing and association technologies to label the service in an HTTPS flow with a specific associated domain ***-HOC has been specifically designed to address three practical challenges in the service identification process: domain name ambiguity, domain name query invisibility, and data association time window size *** experiments on datasets collected from a 10-Gbps campus network are conducted alongside offline and online *** show that DTA-HOC can achieve an average online association rate on HTTPS traffic of 83% and a generic accuracy of 86.16%. Its processing time for one minute of data is less than 20 *** results indicate that DTA-HOC is an efficient method for online identification of services in HTTPS flows for large-scale ***, our proposed method can contribute to the identification of other applications which make a Domain Name System (DNS) communication before establishing a connection.