HTTPS Event-Flow Correlation: Improving Situational Awareness in Encrypted Web Traffic

The result's identifiers

  • Result code in IS VaVaI

    RIV/00216224:14610/22:00125164 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F22%3A00125164)

  • Result on the web

    http://dx.doi.org/10.1109/NOMS54207.2022.9789877

  • DOI - Digital Object Identifier

    10.1109/NOMS54207.2022.9789877

Alternative languages

  • Result language

    English

  • Original language name

    HTTPS Event-Flow Correlation: Improving Situational Awareness in Encrypted Web Traffic

  • Original language description

    Achieving situational awareness is a challenging process in current HTTPS-dominant web traffic. In this paper, we propose a new approach to encrypted web traffic monitoring. First, we design a method for correlating host-based and network monitoring data based on their common features and a correlation time-window. Then we analyze the correlation results in detail to identify configurations of web servers and monitoring infrastructure that negatively affect the correlation. We describe these properties and possible data preprocessing techniques to minimize their impact on correlation performance. Furthermore, to test the correlation method's behavior in different web server setups and for recent encryption protocols, we modify it by adapting the correlation features to TLS 1.3 and QUIC. Finally, we evaluate the correlation method on a dataset collected from a campus network. The results show that while the correlation requires monitoring of custom event and flow features, it remains feasible even when using encryption protocols designed for the near future.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    EF16_019/0000822: CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence

  • Continuities

    P - Research and development project financed from public sources (with a link to CEP)

Others

  • Publication year

    2022

  • Confidentiality

    S - Complete and truthful data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    2022 IEEE/IFIP Network Operations and Management Symposium (NOMS 2022)

  • ISBN

    9781665406017

  • ISSN

    1542-1201

  • e-ISSN

  • Number of pages

    6

  • Pages from-to

    1-6

  • Publisher name

    IEEE Xplore Digital Library

  • Place of publication

    Budapest, Hungary

  • Event location

    Budapest, Hungary

  • Event date

    Jan 1, 2022

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article

    000851572700131