Malware Detection by HTTPS Traffic Analysis
- In order to evade detection by network-traffic analysis, a growing proportion of malware uses the encrypted HTTPS protocol. We explore the problem of detecting malware on client computers based on HTTPS traffic analysis. In this setting, malware has to be detected based on the host IP address, ports, timestamp, and data volume information of TCP/IP packets that are sent and received by all the applications on the client. We develop a scalable protocol that allows us to collect network flows of known malicious and benign applications as training data and derive a malware-detection method based on a neural networks and sequence classification. We study the method's ability to detect known and new, unknown malware in a large-scale empirical study.
Volltext Dateien herunterladen
SHA-1:be1a3854f79a6e7718b2daf058dbeea661d792ef
Weitere Dienste
| Verfasserangaben: | Paul PrasseGND, Gerrit Gruben, Lukas Machlika, Tomas Pevny, Michal Sofka, Tobias SchefferORCiD |
|---|---|
| URN: | urn:nbn:de:kobv:517-opus4-100942 |
| Publikationstyp: | Preprint |
| Sprache: | Englisch |
| Datum der Erstveröffentlichung: | 23.01.2017 |
| Erscheinungsjahr: | 2016 |
| Veröffentlichende Institution: | Universität Potsdam |
| Datum der Freischaltung: | 23.01.2017 |
| Freies Schlagwort / Tag: | computer security; machine learning |
| Seitenanzahl: | 10 |
| Organisationseinheiten: | Mathematisch-Naturwissenschaftliche Fakultät |
| DDC-Klassifikation: | 0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 004 Datenverarbeitung; Informatik |
| Lizenz (Deutsch): |  Keine öffentliche Lizenz: Unter Urheberrechtsschutz |
