Computer Science, 2020, Vol. 47, Issue (3): 287-291. doi: 10.11896/jsjkx.190200332

• Information Security •

Improved TLS Fingerprint Enhance User Behavior Security Analysis Ability

HU Jian-wei, XU Ming-yang, CUI Yan-peng

  1. (School of Cyber Engineering, Xidian University, Xi'an 710071, China)
  • Received: 2019-02-20 Online: 2020-03-15 Published: 2020-03-30
  • Corresponding author: HU Jian-wei (1270547909@qq.com)
  • About author: HU Jian-wei, born in 1973, Ph.D, associate professor. His main research interests include cyberspace security and so on.

Abstract: As attack and defense escalate, the combination of user behavior analysis and network security has gradually drawn researchers' attention. User behavior analysis can identify untrusted users before an attack succeeds and contain the intrusion, achieving active defense. Currently, the data used for user behavior analysis in Web security is mainly application-layer HTTP data, which is insufficient to determine user identity and is likely to cause false negatives. With HTTPS, which offers better security and privacy, now widely deployed, this paper proposes an improved TLS (Transport Layer Security) fingerprint based on n-gram and Simhash, which enhances the fault tolerance of the existing TLS fingerprint. Applying the improved fingerprint to user behavior analysis can improve the accuracy of user identification. The comparative experiment used a convolutional neural network to model and analyze fingerprint data and log-type user behavior data obtained from a real environment. The results show that the improved TLS fingerprint data identifies normal users and hackers more effectively, improving accuracy by 4.2%. Further analysis shows that, by correlating user behaviors and backtracking along the timeline, the improved TLS fingerprint can also trace hackers to a certain extent, thus providing intelligence context for security incident investigation.

Key words: Convolutional neural network, TLS fingerprint, User behavior analysis, Web security
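The fault tolerance the abstract attributes to an n-gram and Simhash fingerprint can be seen in the following added example, which is not the authors' code: it compares an exact-match hash with a Simhash over n-grams of ClientHello fields. The field layout, n = 3, the 64-bit width, the MD5 baseline and all sample values are assumptions, since the abstract does not give the paper's parameters.

```python
import hashlib

def ngrams(tokens, n=3):
    """Sliding n-grams over a token list (the whole list if it is not longer than n)."""
    if len(tokens) <= n:
        return [tuple(tokens)]
    return [tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)]

def simhash(features, bits=64):
    """Simhash: every feature votes +1/-1 on each bit; the sign of the sum sets the bit."""
    votes = [0] * bits
    for feat in features:
        digest = hashlib.sha256("-".join(feat).encode()).digest()
        h = int.from_bytes(digest[:bits // 8], "big")
        for b in range(bits):
            votes[b] += 1 if (h >> b) & 1 else -1
    return sum(1 << b for b in range(bits) if votes[b] > 0)

def fuzzy_fingerprint(client_hello, n=3, bits=64):
    """Simhash over the n-grams of each ClientHello field, tagged with the field name."""
    feats = []
    for field, values in client_hello.items():
        feats += [(field,) + g for g in ngrams([str(v) for v in values], n)]
    return simhash(feats, bits)

def exact_fingerprint(client_hello):
    """Assumed exact-match baseline: MD5 over the joined field string."""
    s = ",".join("-".join(str(v) for v in vals) for vals in client_hello.values())
    return hashlib.md5(s.encode()).hexdigest()

def hamming(a, b):
    """Number of differing bits between two integer fingerprints."""
    return bin(a ^ b).count("1")

# Constructed sample ClientHello values (not captured traffic).
BASE = {
    "version": [771],
    "ciphers": [4865, 4866, 4867, 49195, 49199, 49196, 49200, 52393, 52392, 49171, 49172, 156, 157, 47, 53],
    "extensions": [0, 23, 65281, 10, 11, 35, 16, 5, 13, 18, 51, 45, 43, 27, 21],
    "curves": [29, 23, 24],
    "point_formats": [0],
}
# The same client after a small change: one extra extension inserted.
VARIANT = dict(BASE, extensions=BASE["extensions"][:-1] + [17513, 21])
# A different client stack (constructed): other ciphers, extensions and curves.
OTHER = {"version": [771], "curves": [29, 23, 25, 24], "point_formats": [0, 1, 2],
         "ciphers": [49200, 49196, 49192, 49188, 49172, 49162, 159, 107, 57, 52393, 52392],
         "extensions": [0, 11, 10, 35, 22, 23, 13]}
```

A deployment would choose the Hamming-distance threshold for "same client" from labelled traffic rather than from these constructed values.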

CLC Number: TP393