- search hit 1 of 1
Joint detection of malicious domains and infected clients
- Detection of malware-infected computers and detection of malicious web domains based on their encrypted HTTPS traffic are challenging problems, because only addresses, timestamps, and data volumes are observable. The detection problems are coupled, because infected clients tend to interact with malicious domains. Traffic data can be collected at a large scale, and antivirus tools can be used to identify infected clients in retrospect. Domains, by contrast, have to be labeled individually after forensic analysis. We explore transfer learning based on sluice networks; this allows the detection models to bootstrap each other. In a large-scale experimental study, we find that the model outperforms known reference models and detects previously unknown malware, previously unknown malware families, and previously unknown malicious domains.
Author details: | Paul PrasseORCiDGND, Rene Knaebel, Lukas Machlica, Tomas PevnyORCiD, Tobias SchefferORCiD |
---|---|
DOI: | https://doi.org/10.1007/s10994-019-05789-z |
ISSN: | 0885-6125 |
ISSN: | 1573-0565 |
Title of parent work (English): | Machine learning |
Publisher: | Springer |
Place of publishing: | Dordrecht |
Publication type: | Article |
Language: | English |
Date of first publication: | 2019/02/25 |
Publication year: | 2019 |
Release date: | 2020/11/18 |
Tag: | Computer security; Https traffic; Machine learning; Neural networks; Traffic data |
Volume: | 108 |
Issue: | 8-9 |
Number of pages: | 16 |
First page: | 1353 |
Last Page: | 1368 |
Funding institution: | Cisco RD |
Organizational units: | Mathematisch-Naturwissenschaftliche Fakultät / Institut für Informatik und Computational Science |
DDC classification: | 0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme |