Using Features of Encrypted Network Traffic to Detect Malware
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. Karlstad University, Karlstad, Sweden. ORCID iD: 0000-0001-9886-6651
2021 (English). In: 25th Nordic Conference on Secure IT Systems, NordSec 2020, Springer Science and Business Media Deutschland GmbH, 2021, pp. 37-53. Conference paper, Published paper (Refereed)
Abstract [en]

Encryption on the Internet is as pervasive as ever. This has protected communications and enhanced the privacy of users. Unfortunately, at the same time malware is also increasingly using encryption to hide its operation. The detection of such encrypted malware is crucial, but the traditional detection solutions assume access to payload data. To overcome this limitation, such solutions employ traffic decryption strategies that have severe drawbacks. This paper studies the usage of encryption for malicious and benign purposes using large datasets and proposes a machine learning based solution to detect malware using connection and TLS metadata without any decryption. The classification is shown to be highly accurate with high precision and recall rates by using a small number of features. Furthermore, we consider the deployment aspects of the solution and discuss different strategies to reduce the false positive rate.

Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH, 2021. pp. 37-53
Keywords [en]
Large dataset, Malware, Turing machines, False positive rates, High-precision, Highly accurate, Large datasets, Network traffic, Payload data, Protected communications, Cryptography
National subject category
Computer Science
Identifiers
URN: urn:nbn:se:kth:diva-308511; DOI: 10.1007/978-3-030-70852-8_3; ISI: 000927605100003; Scopus ID: 2-s2.0-85103538148; OAI: oai:DiVA.org:kth-308511; DiVA, id: diva2:1636285
Conference
23 November 2020 through 24 November 2020
Note

Part of proceedings: ISBN 9783030708511, QC 20230118

Available from: 2022-02-09. Created: 2022-02-09. Last updated: 2023-09-21. Bibliographically reviewed.

Open Access in DiVA

No full text in DiVA

Person

Afzal, Zeeshan