Categorizing TLS traffic based on JA3 pre-hash values
| dc.contributor.author | Heino Jenny | |
| dc.contributor.author | Hakkala Antti | |
| dc.contributor.author | Virtanen Seppo | |
| dc.contributor.organization | fi=kyberturvallisuusteknologia|en=Cyber Security Engineering| | |
| dc.contributor.organization | fi=tietotekniikan laitos|en=Department of Computing| | |
| dc.contributor.organization-code | 1.2.246.10.2458963.20.28753843706 | |
| dc.contributor.organization-code | 1.2.246.10.2458963.20.85312822902 | |
| dc.converis.publication-id | 179257961 | |
| dc.converis.url | https://research.utu.fi/converis/portal/Publication/179257961 | |
| dc.date.accessioned | 2025-08-27T22:46:59Z | |
| dc.date.available | 2025-08-27T22:46:59Z | |
| dc.description.abstract | <p> The JA3 algorithm for fingerprinting TLS client traffic has become a popular additional tool in the tool set of network security professionals. The pre-hash value of the JA3 fingerprint lists parameter values from the TLS handshake supported by the TLS client. In this paper we present two different machine learning methods for identifying the endpoint application from TLS traffic based on the JA3 pre-hash string. Both methods were able to identify applications from Mozilla in our sample set, but had more variation with other applications. The methods can be used for improving network security accuracy. <br></p> | |
| dc.format.pagerange | 101 | |
| dc.format.pagerange | 94 | |
| dc.identifier.jour-issn | 1877-0509 | |
| dc.identifier.olddbid | 202797 | |
| dc.identifier.oldhandle | 10024/185824 | |
| dc.identifier.uri | https://www.utupub.fi/handle/11111/48836 | |
| dc.identifier.url | https://doi.org/10.1016/j.procs.2023.03.015 | |
| dc.identifier.urn | URN:NBN:fi-fe2023042037766 | |
| dc.language.iso | en | |
| dc.okm.affiliatedauthor | Heino, Jenny | |
| dc.okm.affiliatedauthor | Hakkala, Antti | |
| dc.okm.affiliatedauthor | Virtanen, Seppo | |
| dc.okm.discipline | 113 Computer and information sciences | en_GB |
| dc.okm.discipline | 213 Electronic, automation and communications engineering, electronics | en_GB |
| dc.okm.discipline | 222 Other engineering and technologies | en_GB |
| dc.okm.discipline | 113 Tietojenkäsittely ja informaatiotieteet | fi_FI |
| dc.okm.discipline | 213 Sähkö-, automaatio- ja tietoliikennetekniikka, elektroniikka | fi_FI |
| dc.okm.discipline | 222 Muu tekniikka | fi_FI |
| dc.okm.internationalcopublication | not an international co-publication | |
| dc.okm.internationality | International publication | |
| dc.okm.type | A4 Conference Article | |
| dc.publisher.country | Netherlands | en_GB |
| dc.publisher.country | Alankomaat | fi_FI |
| dc.publisher.country-code | NL | |
| dc.relation.conference | International Conference on Ambient Systems, Networks and Technologies Networks | |
| dc.relation.doi | 10.1016/j.procs.2023.03.015 | |
| dc.relation.ispartofjournal | Procedia Computer Science | |
| dc.relation.ispartofseries | Procedia Computer Science | |
| dc.relation.volume | 220 | |
| dc.source.identifier | https://www.utupub.fi/handle/10024/185824 | |
| dc.title | Categorizing TLS traffic based on JA3 pre-hash values | |
| dc.title.book | The 14th International Conference on Ambient Systems, Networks and Technologies Networks (ANT 2022) and The 6th International Conference on Emerging Data and Industry 4.0 (EDI40) | |
| dc.year.issued | 2023 |
Tiedostot
1 - 1 / 1
Ladataan...
- Name:
- 1-s2.0-S1877050923005501-main.pdf
- Size:
- 646.82 KB
- Format:
- Adobe Portable Document Format