{"id":"https://openalex.org/W4391696937","doi":"https://doi.org/10.1109/tnsm.2024.3364526","title":"EFACTLS: Effective Active TLS Fingerprinting for Large-Scale Server Deployment Characterization","display_name":"EFACTLS: Effective Active TLS Fingerprinting for Large-Scale Server Deployment Characterization","publication_year":2024,"publication_date":"2024-02-09","ids":{"openalex":"https://openalex.org/W4391696937","doi":"https://doi.org/10.1109/tnsm.2024.3364526"},"language":"en","primary_location":{"id":"doi:10.1109/tnsm.2024.3364526","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tnsm.2024.3364526","pdf_url":"https://ieeexplore.ieee.org/ielx7/4275028/5699970/10430411.pdf","source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://ieeexplore.ieee.org/ielx7/4275028/5699970/10430411.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005401301","display_name":"Markus Sosnowski","orcid":"https://orcid.org/0000-0002-7322-5804"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Markus Sosnowski","raw_affiliation_strings":["Department of Computer Science, TUM School of Computation, Information and Technology, Technical University of Munich, Munich, Germany"],"raw_orcid":"https://orcid.org/0000-0002-7322-5804","affiliations":[{"raw_affiliation_string":"Department of Computer Science, TUM School of Computation, Information and Technology, Technical University of Munich, Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009418849","display_name":"Johannes Zirngibl","orcid":"https://orcid.org/0000-0002-2918-016X"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Johannes Zirngibl","raw_affiliation_strings":["Department of Computer Science, TUM School of Computation, Information and Technology, Technical University of Munich, Munich, Germany"],"raw_orcid":"https://orcid.org/0000-0002-2918-016X","affiliations":[{"raw_affiliation_string":"Department of Computer Science, TUM School of Computation, Information and Technology, Technical University of Munich, Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049611799","display_name":"Patrick Sattler","orcid":"https://orcid.org/0000-0001-9375-3113"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Patrick Sattler","raw_affiliation_strings":["Department of Computer Science, TUM School of Computation, Information and Technology, Technical University of Munich, Munich, Germany"],"raw_orcid":"https://orcid.org/0000-0001-9375-3113","affiliations":[{"raw_affiliation_string":"Department of Computer Science, TUM School of Computation, Information and Technology, Technical University of Munich, Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060144977","display_name":"Georg Carle","orcid":"https://orcid.org/0000-0002-2347-1839"},"institutions":[{"id":"https://openalex.org/I62916508","display_name":"Technical University of Munich","ror":"https://ror.org/02kkvpp62","country_code":"DE","type":"education","lineage":["https://openalex.org/I62916508"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Georg Carle","raw_affiliation_strings":["Department of Computer Science, TUM School of Computation, Information and Technology, Technical University of Munich, Munich, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, TUM School of Computation, Information and Technology, Technical University of Munich, Munich, Germany","institution_ids":["https://openalex.org/I62916508"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009659193","display_name":"Claas Grohnfeldt","orcid":"https://orcid.org/0000-0001-8270-9360"},"institutions":[{"id":"https://openalex.org/I4210166625","display_name":"Huawei German Research Center","ror":"https://ror.org/00z59w514","country_code":"DE","type":"facility","lineage":["https://openalex.org/I2250955327","https://openalex.org/I4210129353","https://openalex.org/I4210166625"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Claas Grohnfeldt","raw_affiliation_strings":["Huawei Munich Research Center, Munich, Germany"],"raw_orcid":"https://orcid.org/0000-0001-8270-9360","affiliations":[{"raw_affiliation_string":"Huawei Munich Research Center, Munich, Germany","institution_ids":["https://openalex.org/I4210166625"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016026072","display_name":"Michele Russo","orcid":"https://orcid.org/0000-0003-0869-6703"},"institutions":[{"id":"https://openalex.org/I4210166625","display_name":"Huawei German Research Center","ror":"https://ror.org/00z59w514","country_code":"DE","type":"facility","lineage":["https://openalex.org/I2250955327","https://openalex.org/I4210129353","https://openalex.org/I4210166625"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Michele Russo","raw_affiliation_strings":["Huawei Munich Research Center, Munich, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Huawei Munich Research Center, Munich, Germany","institution_ids":["https://openalex.org/I4210166625"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001748768","display_name":"Daniele Sgandurra","orcid":"https://orcid.org/0000-0001-5238-8068"},"institutions":[{"id":"https://openalex.org/I4210166625","display_name":"Huawei German Research Center","ror":"https://ror.org/00z59w514","country_code":"DE","type":"facility","lineage":["https://openalex.org/I2250955327","https://openalex.org/I4210129353","https://openalex.org/I4210166625"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Daniele Sgandurra","raw_affiliation_strings":["Huawei Munich Research Center, Munich, Germany"],"raw_orcid":"https://orcid.org/0000-0001-5238-8068","affiliations":[{"raw_affiliation_string":"Huawei Munich Research Center, Munich, Germany","institution_ids":["https://openalex.org/I4210166625"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5005401301"],"corresponding_institution_ids":["https://openalex.org/I62916508"],"apc_list":null,"apc_paid":null,"fwci":2.3179,"has_fulltext":true,"cited_by_count":7,"citation_normalized_percentile":{"value":0.89163779,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"21","issue":"3","first_page":"2582","last_page":"2595"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.8665618896484375},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8630378246307373},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.47491228580474854},{"id":"https://openalex.org/keywords/transport-layer-security","display_name":"Transport Layer Security","score":0.457862913608551},{"id":"https://openalex.org/keywords/file-server","display_name":"File server","score":0.4575355350971222},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.445970356464386},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.44424524903297424},{"id":"https://openalex.org/keywords/metadata","display_name":"Metadata","score":0.4219553470611572},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3382641077041626},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.23134106397628784}],"concepts":[{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.8665618896484375},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8630378246307373},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.47491228580474854},{"id":"https://openalex.org/C148176105","wikidata":"https://www.wikidata.org/wiki/Q206494","display_name":"Transport Layer Security","level":3,"score":0.457862913608551},{"id":"https://openalex.org/C4373008","wikidata":"https://www.wikidata.org/wiki/Q513349","display_name":"File server","level":2,"score":0.4575355350971222},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.445970356464386},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.44424524903297424},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.4219553470611572},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3382641077041626},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.23134106397628784}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tnsm.2024.3364526","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tnsm.2024.3364526","pdf_url":"https://ieeexplore.ieee.org/ielx7/4275028/5699970/10430411.pdf","source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1109/tnsm.2024.3364526","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tnsm.2024.3364526","pdf_url":"https://ieeexplore.ieee.org/ielx7/4275028/5699970/10430411.pdf","source":{"id":"https://openalex.org/S173527311","display_name":"IEEE Transactions on Network and Service Management","issn_l":"1932-4537","issn":["1932-4537","2373-7379"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Network and Service Management","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4391696937.pdf","grobid_xml":"https://content.openalex.org/works/W4391696937.grobid-xml"},"referenced_works_count":30,"referenced_works":["https://openalex.org/W1576185228","https://openalex.org/W1930649250","https://openalex.org/W1976986662","https://openalex.org/W1995875735","https://openalex.org/W2069858642","https://openalex.org/W2101907742","https://openalex.org/W2292723020","https://openalex.org/W2296570230","https://openalex.org/W2518033045","https://openalex.org/W2523421704","https://openalex.org/W2545990795","https://openalex.org/W2794055141","https://openalex.org/W2895807258","https://openalex.org/W2902352019","https://openalex.org/W2904027722","https://openalex.org/W2915352631","https://openalex.org/W2962940036","https://openalex.org/W3044183949","https://openalex.org/W3083437617","https://openalex.org/W3187145766","https://openalex.org/W4241947605","https://openalex.org/W4324009745","https://openalex.org/W4386214697","https://openalex.org/W4386348181","https://openalex.org/W6606233576","https://openalex.org/W6677217071","https://openalex.org/W6782989452","https://openalex.org/W6838959161","https://openalex.org/W6855906840","https://openalex.org/W6904607719"],"related_works":["https://openalex.org/W2799329589","https://openalex.org/W2535099400","https://openalex.org/W2094337296","https://openalex.org/W2165440220","https://openalex.org/W4289655417","https://openalex.org/W2399644275","https://openalex.org/W2560958726","https://openalex.org/W1735858552","https://openalex.org/W2005966532","https://openalex.org/W2101414465"],"abstract_inverted_index":{"Active":[0],"measurements":[1,60,222],"allow":[2],"the":[3,81,87,134,152,173,189,233],"collection":[4],"of":[5,80,126,181,205,212,232],"server":[6,22,35,197],"characteristics":[7],"on":[8,58],"a":[9,40,55,203,209],"large":[10],"scale":[11],"that":[12,99],"can":[13,45,223],"aid":[14],"in":[15],"discovering":[16],"hidden":[17],"relations":[18,26],"and":[19,33,70,91,141,156,159,185,207,228],"commonalities":[20],"among":[21],"deployments.":[23],"Finding":[24],"these":[25],"opens":[27],"up":[28],"new":[29,213],"possibilities":[30],"for":[31,37,73,175],"clustering":[32],"classifying":[34],"deployments;":[36],"example,":[38],"identifying":[39],"previously":[41],"unknown":[42],"cybercriminal":[43],"infrastructure":[44],"be":[46],"valuable":[47,225],"cyber-threat":[48],"intelligence.":[49],"In":[50],"this":[51],"work,":[52],"we":[53,110],"propose":[54,133],"methodology":[56,201],"based":[57],"active":[59,221],"to":[61,106,121,129,137,194],"acquire":[62],"Transport":[63],"Layer":[64],"Security":[65],"(TLS)":[66],"metadata":[67],"from":[68,103,151],"servers":[69,150,214],"leverage":[71],"it":[72],"fingerprinting.":[74],"Our":[75],"fingerprints":[76],"capture":[77],"characteristic":[78],"behavior":[79],"TLS":[82,127],"stack,":[83],"primarily":[84],"influenced":[85],"by":[86],"server\u2019s":[88],"implementation,":[89],"configuration,":[90],"hardware":[92],"support.":[93],"Using":[94],"an":[95,123],"empirical":[96],"optimization":[97],"strategy":[98],"maximizes":[100],"information":[101,140],"gained":[102],"every":[104],"handshake":[105],"minimize":[107],"measurement":[108],"costs,":[109],"generated":[111],"10":[112],"general-purpose":[113],"Client":[114],"Hellos.":[115],"They":[116],"served":[117],"as":[118],"scanning":[119],"probes":[120],"create":[122],"extensive":[124],"database":[125],"configurations":[128],"classify":[130],"servers.":[131,187],"We":[132],"Shannon":[135],"Entropy":[136],"measure":[138],"collected":[139],"compare":[142],"different":[143],"approaches.":[144],"This":[145,217],"study":[146,218],"fingerprinted":[147],"8":[148],"million":[149],"Tranco":[153],"top":[154],"list":[155],"two":[157,176],"Command":[158],"Control":[160],"(C2)":[161],"blocklists":[162],"over":[163,215],"60":[164],"weeks":[165],"with":[166],"weekly":[167],"snapshots.":[168],"The":[169,199],"resulting":[170],"data":[171],"formed":[172],"foundation":[174],"long-term":[177],"case":[178],"studies:":[179],"classification":[180],"Content":[182],"Delivery":[183],"Network":[184],"C2":[186,196],"Moreover,":[188],"detection":[190],"was":[191],"fine-grained":[192],"enough":[193],"detect":[195],"families.":[198],"proposed":[200],"demonstrated":[202],"precision":[204],"99%":[206],"enabled":[208],"stable":[210],"identification":[211],"time.":[216],"shows":[219],"how":[220],"provide":[224],"security-relevant":[226],"insights":[227],"improve":[229],"our":[230],"understanding":[231],"Internet.":[234]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":3}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}