Journal of Xidian University

• Research Paper •

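Passive browser identification method using packet length features

LIU Changjiang; WAN Jian; HAN Jiesi; WEI Qiang

  1. (National Key Lab. of Science and Technology on Blind Signal Processing, Chengdu, Sichuan 610041)
  • Received: 2016-09-22 Online: 2017-12-20 Published: 2018-01-18
  • About the author: LIU Changjiang (b. 1991), female, master's student at the National Key Lab. of Science and Technology on Blind Signal Processing, E-mail: jiangjiangmails@sina.com
  • Supported by:

    National Natural Science Foundation of China (61072067)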

Passive browser identification based on the packet length

LIU Changjiang; WAN Jian; HAN Jiesi; WEI Qiang

  1. (National Key Lab. of Science and Technology on Blind Signal Processing, Chengdu 610041, China)
  • Received: 2016-09-22 Online: 2017-12-20 Published: 2018-01-18

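Abstract:

As the network application that users rely on most often, the browser is a major target for hackers. For network administrators, knowing which browsers are in use on the network makes it possible to spot vulnerabilities that may exist on user hosts in good time and to take defensive measures. This paper proposes a passive browser identification method based on request packet length features: it exploits the differences in the lengths of the request packets that different browsers send when requesting web content, and identifies the browser with a clustering algorithm. Experiments show that the method identifies five commonly used browsers with a recognition rate above 90%, and that the proposed feature fingerprint is stable over time. The method adds no network traffic, does not interfere with normal network operation, and can identify browsers on the network in both unencrypted and encrypted settings.

Keywords: browser, passive identification, packet length feature, classification algorithm, feature stability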

Abstract:

The browser, as the most frequently used network application software, is an important target of hackers. For network administrators, knowing which browsers the network's users run helps them discover possible vulnerabilities in the host computers and take defensive measures promptly. In this paper, we propose a passive browser identification method based on request packet length. We make use of the differences in the lengths of the request packets that different browsers send when requesting web content, and then identify the browser with a clustering algorithm. The experiment shows that the recognition rate for the five most common browsers can reach more than 90% with this method, and the time stability of the fingerprint is also confirmed. The method does not increase network traffic or interfere with the normal operation of the network, and it can identify web browsers both with and without encryption.

Key words: browser, passive identification, packet length, classification, feature stability
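
The approach described in the abstract, as an added example that is not code from the paper: per-flow request packet length features are clustered, each cluster is named from labelled training flows, and an unseen flow is identified from its lengths alone. The choice of k-means, the two features (mean and spread), the browser labels and every length value are assumptions constructed for illustration; the abstract does not specify them.

```python
from statistics import mean, pstdev
from collections import Counter
from math import dist

# Constructed data: request packet lengths (bytes) per flow for three
# hypothetical browsers; the values are illustrative, not measurements.
TRAIN = [
    ("browser_A", [412, 430, 405, 421]), ("browser_A", [418, 409, 427, 415]),
    ("browser_B", [655, 702, 610, 688]), ("browser_B", [671, 640, 695, 660]),
    ("browser_C", [980, 1210, 890, 1150]), ("browser_C", [1020, 1180, 930, 1100]),
]

def features(lengths):
    """Map one flow's request packet lengths to (mean, spread)."""
    return (mean(lengths), pstdev(lengths))

def nearest(point, centroids):
    """Index of the centroid closest to point (Euclidean distance)."""
    return min(range(len(centroids)), key=lambda i: dist(point, centroids[i]))

def kmeans(points, k, iters=20):
    """Plain k-means with deterministic farthest-first initialisation."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[nearest(p, centroids)].append(p)
        centroids = [tuple(mean(d) for d in zip(*g)) if g else centroids[i]
                     for i, g in enumerate(groups)]
    return centroids

def train(samples, k):
    """Cluster the flows, then name each cluster by majority training label."""
    points = [features(lengths) for _, lengths in samples]
    centroids = kmeans(points, k)
    votes = [Counter() for _ in range(k)]
    for (label, _), p in zip(samples, points):
        votes[nearest(p, centroids)][label] += 1
    names = [v.most_common(1)[0][0] if v else None for v in votes]
    return centroids, names

def identify(lengths, centroids, names):
    """Name an unseen flow from packet lengths only; no payload is inspected."""
    return names[nearest(features(lengths), centroids)]

CENTROIDS, NAMES = train(TRAIN, k=3)
```

Because `identify` takes only lengths, the same call works on flows whose payload cannot be read, which is the property the abstract relies on for encrypted traffic.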