NetInfoMiner: High-level information extraction from network traffic

Ahmad Amro; Sultan Almuhammadi; Sami Zhioua

doi:10.1109/BIGCOMP.2017.7881730

NetInfoMiner: High-level information extraction from network traffic

Ahmad Amro, Sultan Almuhammadi, Sami Zhioua

King Fahd University of Petroleum and Minerals

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Due to the rapid increase of the Internet traffic encryption HTTPS, and the newly adopted protocols HTTP2 and SPDY, the need for a comprehensive high-level information extraction tool that supports the new protocols becomes essential for critical applications such as digital and network forensic and web penetration testing. In spite of the availability of big data from the Internet traffic, current network data mining tools do not support encrypted network traffic and the new protocols. This paper proposes a new tool for extracting high-level information such as visited links, user credentials and session cookies from HTTP and HTTPS protocols. It also allows extraction of user credentials and session cookies from HTTP2 and SPDY.

Original language	English
Title of host publication	2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	143-150
Number of pages	8
ISBN (Electronic)	9781509030156
DOIs	https://doi.org/10.1109/BIGCOMP.2017.7881730
Publication status	Published - 17 Mar 2017
Externally published	Yes
Event	2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017 - Jeju Island, Korea, Republic of Duration: 13 Feb 2017 → 16 Feb 2017

Publication series

Name	2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017

Conference

Conference	2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017
Country/Territory	Korea, Republic of
City	Jeju Island
Period	13/02/17 → 16/02/17

Keywords

Big data
HTTP
HTTP2
HTTPS
SPDY
data mining
traffic analysis

Access to Document

10.1109/BIGCOMP.2017.7881730

Cite this

Amro, A., Almuhammadi, S., & Zhioua, S. (2017). NetInfoMiner: High-level information extraction from network traffic. In 2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017 (pp. 143-150). Article 7881730 (2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BIGCOMP.2017.7881730

@inproceedings{56b7054920704afa873734308d7695ef,

title = "NetInfoMiner: High-level information extraction from network traffic",

abstract = "Due to the rapid increase of the Internet traffic encryption HTTPS, and the newly adopted protocols HTTP2 and SPDY, the need for a comprehensive high-level information extraction tool that supports the new protocols becomes essential for critical applications such as digital and network forensic and web penetration testing. In spite of the availability of big data from the Internet traffic, current network data mining tools do not support encrypted network traffic and the new protocols. This paper proposes a new tool for extracting high-level information such as visited links, user credentials and session cookies from HTTP and HTTPS protocols. It also allows extraction of user credentials and session cookies from HTTP2 and SPDY.",

keywords = "Big data, HTTP, HTTP2, HTTPS, SPDY, data mining, traffic analysis",

author = "Ahmad Amro and Sultan Almuhammadi and Sami Zhioua",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017 ; Conference date: 13-02-2017 Through 16-02-2017",

year = "2017",

month = mar,

day = "17",

doi = "10.1109/BIGCOMP.2017.7881730",

language = "English",

series = "2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "143--150",

booktitle = "2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017",

}

Amro, A, Almuhammadi, S & Zhioua, S 2017, NetInfoMiner: High-level information extraction from network traffic. in 2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017., 7881730, 2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017, Institute of Electrical and Electronics Engineers Inc., pp. 143-150, 2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017, Jeju Island, Korea, Republic of, 13/02/17. https://doi.org/10.1109/BIGCOMP.2017.7881730

NetInfoMiner: High-level information extraction from network traffic. / Amro, Ahmad; Almuhammadi, Sultan; Zhioua, Sami.
2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 143-150 7881730 (2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - NetInfoMiner

T2 - 2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017

AU - Amro, Ahmad

AU - Almuhammadi, Sultan

AU - Zhioua, Sami

PY - 2017/3/17

Y1 - 2017/3/17

N2 - Due to the rapid increase of the Internet traffic encryption HTTPS, and the newly adopted protocols HTTP2 and SPDY, the need for a comprehensive high-level information extraction tool that supports the new protocols becomes essential for critical applications such as digital and network forensic and web penetration testing. In spite of the availability of big data from the Internet traffic, current network data mining tools do not support encrypted network traffic and the new protocols. This paper proposes a new tool for extracting high-level information such as visited links, user credentials and session cookies from HTTP and HTTPS protocols. It also allows extraction of user credentials and session cookies from HTTP2 and SPDY.

AB - Due to the rapid increase of the Internet traffic encryption HTTPS, and the newly adopted protocols HTTP2 and SPDY, the need for a comprehensive high-level information extraction tool that supports the new protocols becomes essential for critical applications such as digital and network forensic and web penetration testing. In spite of the availability of big data from the Internet traffic, current network data mining tools do not support encrypted network traffic and the new protocols. This paper proposes a new tool for extracting high-level information such as visited links, user credentials and session cookies from HTTP and HTTPS protocols. It also allows extraction of user credentials and session cookies from HTTP2 and SPDY.

KW - Big data

KW - HTTP

KW - HTTP2

KW - HTTPS

KW - SPDY

KW - data mining

KW - traffic analysis

U2 - 10.1109/BIGCOMP.2017.7881730

DO - 10.1109/BIGCOMP.2017.7881730

M3 - Conference contribution

AN - SCOPUS:85017572833

T3 - 2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017

SP - 143

EP - 150

BT - 2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 13 February 2017 through 16 February 2017

ER -

Amro A, Almuhammadi S, Zhioua S. NetInfoMiner: High-level information extraction from network traffic. In 2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 143-150. 7881730. (2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017). doi: 10.1109/BIGCOMP.2017.7881730

NetInfoMiner: High-level information extraction from network traffic

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this