What is Anomaly Detection?
Understanding anomaly detection in cybersecurity and how it identifies threats through statistical and machine learning approaches
The output of both JA3 and JA4 is a hash of the original fingerprint.
A hash function is a mathematical function that takes an input (like text or data) and produces a fixed-size string of characters, which acts like a digital fingerprint of that input. Its key property is that it is one-way: you can't reconstruct the original input from the hash value, and even a tiny change in the input produces a completely different hash output.
The core issue with hashing in JA3/JA4 is that it creates an information bottleneck that makes analysis more difficult. When TLS parameters are hashed into a single value, you lose the ability to:
Peakhour takes the approach of keeping the full TLS fingerprint rather than hashing it. This allows full flexibility when matching and blocking, while enabling easy additions down the track.
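The bottleneck described above, shown for JA3 as an added example (this is not Peakhour's code). It builds the JA3 string and its MD5 digest for two constructed ClientHello parameter sets that differ by one cipher suite, then compares them as hashes and as raw fields; the sample values and the helper names `changed_fields` and `matches_rule` are assumptions made for illustration.

```python
import hashlib

FIELDS = ("version", "ciphers", "extensions", "curves", "point_formats")

def ja3_string(hello):
    """JA3 string: five comma-separated fields, list values dash-joined in decimal."""
    parts = [str(hello["version"])]
    for name in FIELDS[1:]:
        parts.append("-".join(str(v) for v in hello[name]))
    return ",".join(parts)

def ja3_hash(hello):
    """The published JA3 value is the MD5 hex digest of the JA3 string."""
    return hashlib.md5(ja3_string(hello).encode("ascii")).hexdigest()

def changed_fields(a, b):
    """Field-level diff (hypothetical helper): needs the unhashed fingerprint."""
    return [f for f in FIELDS if a[f] != b[f]]

def matches_rule(hello, required_extensions, curves):
    """Partial match on raw fields (hypothetical helper); a hash lookup
    can only answer 'identical or not'."""
    return (set(required_extensions) <= set(hello["extensions"])
            and hello["curves"] == curves)

# Constructed sample values, not captured from real traffic.
CLIENT_A = {
    "version": 771,
    "ciphers": [4865, 4866, 4867, 49195, 49199],
    "extensions": [0, 23, 65281, 10, 11, 35, 16, 5, 13, 43, 45, 51],
    "curves": [29, 23, 24],
    "point_formats": [0],
}
# The same client with one extra cipher suite appended.
CLIENT_B = dict(CLIENT_A, ciphers=CLIENT_A["ciphers"] + [52393])

if __name__ == "__main__":
    for name, hello in (("A", CLIENT_A), ("B", CLIENT_B)):
        print(name, ja3_hash(hello), ja3_string(hello))
    # The digests share nothing useful; the raw fields show what changed.
    print("changed:", changed_fields(CLIENT_A, CLIENT_B))
    print("rule hits both:", all(
        matches_rule(h, [43, 51], [29, 23, 24]) for h in (CLIENT_A, CLIENT_B)))
```

With only the two digests, a rule written for client A misses client B entirely, while a rule on the raw extension and curve fields still matches both.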
© PEAKHOUR.IO PTY LTD 2025 ABN 76 619 930 826 All rights reserved.