的个人主页 http://faculty.nuaa.edu.cn/zy8/zh_CN/index.htm
点击次数:
所属单位:计算机科学与技术学院/人工智能学院/软件学院
发表刊物:Secur. Commun. Networks
摘要:Many famous attacks take web browsers as transmission channels to make the target computer infected by malwares, such as watering hole and domain name hijacking. In order to protect the data transmission, the SSL/TLS protocol has been widely used to defeat various hijacking attacks. However, the existence of such encryption protection makes the security software and devices confront with the difficulty of analyzing the encrypted malicious traffic at endpoints. In order to better solve this kind of situation, this paper proposes a new efficient and transparent method for large-scale automated TLS traffic analysis, named as hyper TLS traffic analysis (HTTA). It extracts multiple types of valuable data from the target system in the hyper mode and then correlates them to decrypt the network packets in real time, so that overall data correlation analysis can be performed on the target. Additionally, we propose an aided reverse engineering method to support the analysis, which can rapidly identify the target data in different versions of the program. The proposed method can be applied to the endpoints and cloud platforms; there are no trust risk of certificates and no influence on the target programs. Finally, the real experimental results show that the method is feasible and effective for the analysis, which leads to the lower runtime overhead compared with other methods. It covers all the popular browser programs with good adaptability and can be applied to the large-scale analysis. © 2019 Jiaye Pan et al.
ISSN号:1939-0114
是否译文:否
发表时间:2019-01-01
合写作者:Pan, Jiaye,Sun, Binglin,Nepal, Surya
通讯作者:庄毅