On Reliability of JA3 Hashes for Fingerprinting Mobile Applications

Matoušek, Petr; Burgetová, Ivana; Ryšavý, Ondřej; Malombe, Victor

doi:10.1007/978-3-030-68734-2_1

Search citation statements

Order By: Relevance

Paper Sections

Select...

Data Description1

Tls Flow Fingerprinting1

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2021

2023

Publication Types

Select...

Article2

Book1

Relationship

Self Cite1

Independent2

Authors

Journals

Cited by 3 publications

(2 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It contains server names (TLS SNI extension), used application protocol (TLS ALPN extension), and TLS JA3 fingerprints. 4 All of these values are commonly used in encrypted traffic analysis [7] , [13] , [14] . The description of provided flow data fields is in Table 1 .…”

Section: Data Descriptionmentioning

confidence: 99%

Collection of datasets with DNS over HTTPS traffic

et al. 2022

Self Cite

View full text Add to dashboard Cite

Section: Data Descriptionmentioning

confidence: 99%

Collection of datasets with DNS over HTTPS traffic

et al. 2022

Self Cite

View full text Add to dashboard Cite

“…To the best of our knowledge, ref. [104] is the only research on JA3's reliability. The authors insist that JA3 is not sufficient for mobile app identifications; however, a combination of JA3, JA3S, and SNI can improve reliability.…”

Section: Tls Flow Fingerprintingmentioning

confidence: 99%

A Survey on TLS-Encrypted Malware Network Traffic Analysis Applicable to Security Operations Centers

Roh

2021

Applied Sciences

View full text Add to dashboard Cite

Recently, a majority of security operations centers (SOCs) have been facing a critical issue of increased adoption of transport layer security (TLS) encryption on the Internet, in network traffic analysis (NTA). To this end, in this survey article, we present existing research on NTA and related areas, primarily focusing on TLS-encrypted traffic to detect and classify malicious traffic with deployment scenarios for SOCs. Security experts in SOCs and researchers in academia can obtain useful information from our survey, as the main focus of our survey is NTA methods applicable to malware detection and family classification. Especially, we have discussed pros and cons of three main deployment models for encrypted NTA: TLS interception, inspection using cryptographic functions, and passive inspection without decryption. In addition, we have discussed the state-of-the-art methods in TLS-encrypted NTA for each component of a machine learning pipeline, typically used in the state-of-the-art methods.

show abstract