Cristin result ID: 1928295
Last modified: 6 January 2022, 13:34
NVI reporting year: 2021
Result
Scientific article
2021

Using Features of Encrypted Network Traffic to Detect Malware

Contributors:
  • Zeeshan Afzal
  • Anna Brunstrom
  • Stefan Lindskog

Journal

Lecture Notes in Computer Science (LNCS)
ISSN 0302-9743
e-ISSN 1611-3349
NVI level 1

About the result

Scientific article
Publication year: 2021
Volume: 12556
Pages: 37 - 53

Description

Title

Using Features of Encrypted Network Traffic to Detect Malware

Abstract

Encryption on the Internet is as pervasive as ever. This has protected communications and enhanced the privacy of users. Unfortunately, malware is at the same time increasingly using encryption to hide its operation. Detecting such encrypted malware is crucial, but traditional detection solutions assume access to payload data. To overcome this limitation, such solutions employ traffic decryption strategies (for example TLS interception) that have severe drawbacks. This paper studies the use of encryption for malicious and benign purposes using large datasets and proposes a machine learning based solution that detects malware from connection and TLS metadata alone, without any decryption. The classification is shown to be highly accurate, with high precision and recall, using a small number of features. Furthermore, we consider the deployment aspects of the solution and discuss different strategies to reduce the false positive rate.
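The abstract describes classifying connections from the metadata that stays in the clear even when the payload is encrypted. The following is an added example, not code from the paper or its authors: it builds a minimal TLS 1.2 ClientHello (constructed test input), parses out the metadata a passive sensor can see (offered cipher suites, extensions, SNI), turns it into a small feature vector, and scores it with hand-set weights. The feature set, the weights, the threshold and the SNI allowlist used to suppress known-good hosts are all illustrative assumptions; the paper's actual features and classifier are not reproduced here.

```python
"""Extract TLS ClientHello metadata features and score them without decryption.

Added example. Feature choice, weights, threshold and the allowlist step are
assumptions for illustration, not the feature set selected in the paper.
"""
import struct

# Extension type codes from the IANA TLS ExtensionType registry.
EXT_SNI = 0x0000
EXT_ALPN = 0x0010
EXT_SUPPORTED_VERSIONS = 0x002B

# IANA cipher suite codes treated as "legacy" in this example:
# TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA.
LEGACY_SUITES = {0x0004, 0x0005, 0x000A}


def build_client_hello(cipher_suites, extensions):
    """Serialise a minimal TLS 1.2 ClientHello record (constructed test input)."""
    body = struct.pack("!H", 0x0303) + bytes(32)                    # client_version, random
    body += b"\x00"                                                  # empty session_id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                                              # compression: null only
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body    # type 1, 24-bit length
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


def sni_extension(hostname):
    """server_name extension: list length, name_type 0 (host_name), name length, name."""
    name = hostname.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    return (EXT_SNI, struct.pack("!H", len(entry)) + entry)


def parse_client_hello(record):
    """Return the metadata visible in the clear: version, suites, extensions, SNI."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:]                                                  # skip 5-byte record header
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4                                                          # skip type + 24-bit length
    client_version = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2 + 32                                                    # skip random
    pos += 1 + hs[pos]                                               # skip session_id
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", hs[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hs[pos]                                               # skip compression methods
    ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    extensions, sni = [], None
    while pos < end:
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        data = hs[pos:pos + elen]
        pos += elen
        extensions.append(etype)
        if etype == EXT_SNI:
            name_len = struct.unpack("!H", data[3:5])[0]
            sni = data[5:5 + name_len].decode()
    return {"version": client_version, "suites": suites, "extensions": extensions, "sni": sni}


def features(meta):
    """A small metadata feature vector (assumed features, not the paper's)."""
    return {
        "n_suites": len(meta["suites"]),
        "n_extensions": len(meta["extensions"]),
        "has_sni": int(meta["sni"] is not None),
        "has_alpn": int(EXT_ALPN in meta["extensions"]),
        "has_supported_versions": int(EXT_SUPPORTED_VERSIONS in meta["extensions"]),
        "legacy_suites": sum(s in LEGACY_SUITES for s in meta["suites"]),
    }


def score(f):
    """Linear score with illustrative hand-set weights; a deployment would learn these."""
    return (2.0 - 2.0 * f["has_sni"] - 1.0 * f["has_alpn"]
            - 1.0 * f["has_supported_versions"] + 1.5 * f["legacy_suites"]
            - 0.25 * f["n_extensions"])


def classify(record, allowlist=frozenset(), threshold=0.0):
    """Flag a ClientHello; suppress hits whose SNI is on an operator allowlist (FP reduction)."""
    meta = parse_client_hello(record)
    s = score(features(meta))
    if s > threshold and meta["sni"] in allowlist:
        return "suppressed"
    return "malicious" if s > threshold else "benign"


# Constructed samples: a browser-like hello, a sparse legacy-only hello, and a legacy
# corporate device that a naive threshold would flag.
BROWSER_HELLO = build_client_hello(
    [0x1301, 0x1302, 0xC02B, 0xC02F, 0x009C, 0x002F],
    [sni_extension("example.com"), (EXT_ALPN, b"\x00\x03\x02h2"),
     (EXT_SUPPORTED_VERSIONS, b"\x02\x03\x04")])
SUSPICIOUS_HELLO = build_client_hello([0x0004, 0x0005, 0x000A, 0x002F], [])
LEGACY_DEVICE_HELLO = build_client_hello([0x000A, 0x002F], [sni_extension("printer.corp.example")])

if __name__ == "__main__":
    for name, rec in [("browser", BROWSER_HELLO), ("suspicious", SUSPICIOUS_HELLO),
                      ("legacy device", LEGACY_DEVICE_HELLO)]:
        print(name, features(parse_client_hello(rec)), classify(rec, {"printer.corp.example"}))
```

The allowlist step stands in for the deployment-side false positive strategies the abstract mentions: the classifier output is kept, but alerts on hosts the operator has vetted are suppressed rather than retrained away.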

Contributors

Zeeshan Afzal

  • Affiliation:
    Author
    at Kungliga Tekniska högskolan
  • Affiliation:
    Author
    at Karlstads universitet

Anna Brunstrom

  • Affiliation:
    Author
    at Karlstads universitet

Stefan Lindskog

  • Affiliation:
    Author
    at Software Engineering, Safety and Security, SINTEF AS
  • Affiliation:
    Author
    at Karlstads universitet