Gomez et al., 2023 - Google Patents
Unsupervised detection and clustering of malicious TLS flows
Gomez et al., 2023
- Document ID
- 933848513911258425
- Author
- Gomez G
- Kotzias P
- Dell’Amico M
- Bilge L
- Caballero J
- Publication year
- 2023
- Publication venue
- Security and Communication Networks
Snippet
Malware abuses TLS to encrypt its malicious traffic, preventing examination by content signatures and deep packet inspection. Network detection of malicious TLS flows is important, but it is a challenging problem. Prior works have proposed supervised machine …
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
              - G06F21/562—Static detection
                - G06F21/563—Static detection by source code analysis
            - G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
            - G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
          - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
            - G06F21/577—Assessing vulnerabilities and evaluating computer system security
Similar Documents
Publication | Title
---|---
Anderson et al. | Deciphering malware's use of TLS (without decryption)
US11323466B2 (en) | Malicious HTTP cookies detection and clustering
Vekshin et al. | DoH insight: Detecting DNS over HTTPS by machine learning
Rafique et al. | Firma: Malware clustering and network signature generation with mixed network behaviors
Husák et al. | HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting
CA2966408C (en) | A system and method for network intrusion detection of covert channels based on off-line network traffic
Gomez et al. | Unsupervised detection and clustering of malicious TLS flows
Roques et al. | Detecting malware in TLS traffic
Matoušek et al. | On reliability of JA3 hashes for fingerprinting mobile applications
Han et al. | The role of cloud services in malicious software: Trends and insights
Yan et al. | Graph mining for cybersecurity: A survey
Singh et al. | A comparative review of malware analysis and detection in HTTPs traffic
Ife et al. | Waves of malice: A longitudinal measurement of the malicious file delivery ecosystem on the web
Moure-Garrido et al. | Detecting malicious use of DoH tunnels using statistical traffic analysis
Gou et al. | Discovering abnormal behaviors via HTTP header fields measurement
Yaokai | Effective phishing detection using machine learning approach
Jeng et al. | MD-MinerP: Interaction Profiling Bipartite Graph Mining for Malware-Control Domain Detection
Mohammed | Network-Based Detection and Prevention System Against DNS-Based Attacks
Hatada et al. | Finding new varieties of malware with the classification of network behavior
Yang et al. | A multi-level feature extraction technique to detect mobile botnet
Shah | Detection of malicious encrypted web traffic using machine learning
Shbair | Service-Level Monitoring of HTTPS Traffic
Nadeem et al. | MalPaCA: malware packet sequence clustering and analysis
Qi et al. | BotTokenizer: exploring network tokens of HTTP-based botnet using malicious network traces
Heino et al. | JAPPI: An unsupervised endpoint application identification methodology for improved Zero Trust models, risk score calculations and threat detection