TRAFFIC AUTHENTICITY ANALYSIS BASED ON DIGITAL FINGERPRINT DATA OF NETWORK PROTOCOL IMPLEMENTATIONS
Abstract

Subject of Research. The problem of determining traffic authenticity from digital fingerprint data of network protocol implementations is considered. Methods for describing digital fingerprints of network protocols, and the characteristic changes that the original fingerprints undergo during transmission over various communication channels, are studied. The applicability of digital fingerprint analysis of protocol implementations to detecting anonymization tools, Man-in-the-Middle attacks, and malware is investigated. Improvements to the record format of digital fingerprints are proposed in order to avoid fingerprint collisions.

Method. The features of each implementation of an existing or potentially possible information transfer protocol can be described by a digital fingerprint of that implementation and identified by the receiving party. Communication equipment on the transmission path may be forced to change some of the initial parameters because of its internal limitations or limitations of the transmission medium. The receiving party identifies the current implementation of the transmitting party's protocol from pre-prepared lists of digital fingerprints, taking into account the permissible characteristic changes made by nodes along the path of the transmitted data. By comparing the original digital fingerprint with the fingerprint received by the server for certain sets of parameters, the receiving party makes assumptions about the methods of data transmission, the client's use of anonymization tools, or third-party intervention in the transmission process. Based on the information obtained from comparing the digital fingerprints, it decides whether communication sessions with the current sender are possible. Throughout all communication sessions with the current sender, the recipient monitors the immutability of the original digital fingerprint of the protocol by active and passive methods.

Main Results. In the course of the study, network connection methods, the use of anonymization tools, and a connection from a potentially dangerous implementation were identified, using mitmproxy as an example.

Practical Relevance. Automated analysis of the digital fingerprints of network protocol client implementations makes it possible to detect incoming connections from malicious applications and network robots, and to confirm a client's use of anonymization tools. Malicious implementations can be detected by their digital fingerprints not only on the receiving side but anywhere on the network along the path of the packets, and therefore such connections can be blocked at the network border.
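The comparison step described under Method can be sketched as follows. This is an added example, not code from the paper: the fingerprint fields (TTL, MSS, window size, TCP option order), the tolerance rules, the `claimed` input (the implementation the client presents itself as), and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_HOPS = 32  # assumed upper bound on routers between client and server

@dataclass(frozen=True)
class Fingerprint:
    ttl: int         # initial TTL (reference) or TTL as received (observed)
    mss: int         # TCP maximum segment size from the SYN
    window: int      # TCP window size from the SYN
    options: tuple   # order of TCP options in the SYN

# Constructed reference list; names and values are illustrative only.
KNOWN = {
    "impl-A": Fingerprint(64, 1460, 64240, ("mss", "sackOK", "ts", "nop", "ws")),
    "impl-B": Fingerprint(128, 1460, 65535, ("mss", "nop", "ws", "nop", "nop", "sackOK")),
}

def compare(ref, obs):
    """Return None if obs cannot derive from ref, else the list of in-path changes."""
    # Assumption: forwarding nodes never rewrite window size or option order.
    if obs.options != ref.options or obs.window != ref.window:
        return None
    # Each router decrements TTL by one, so it can only fall, and by a bounded amount.
    if not 0 <= ref.ttl - obs.ttl <= MAX_HOPS:
        return None
    # A tunnel or lower-MTU link may clamp MSS downward; it is never raised.
    if obs.mss > ref.mss:
        return None
    return ["mss-reduced"] if obs.mss < ref.mss else []

def assess(claimed, obs):
    """Classify an observed fingerprint against the implementation the client claims."""
    matches = {}
    for name, ref in KNOWN.items():
        changes = compare(ref, obs)
        if changes is not None:
            matches[name] = changes
    if not matches:
        return "unknown-implementation"
    if claimed not in matches:
        return "claim-mismatch"      # another stack answered: possible intermediary
    return "modified-in-path" if matches[claimed] else "consistent"
```

A `claim-mismatch` verdict corresponds to the case where the server-side fingerprint belongs to a different implementation than the one the client presents, which is what an intercepting proxy that terminates the connection would produce.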