End-node Fingerprinting for Malware Detection on HTTPS Data

0507114 - ÚTIA 2020 RIV US eng C - Konferenční příspěvek (zahraniční konf.)
Komárek, T. - Somol, Petr
End-node Fingerprinting for Malware Detection on HTTPS Data.
Proceedings of the 12th International Conference on Availability, Reliability and Security (ARES'17). New York: ACM, 2017, s. 1-7, č. článku 77. ISBN 978-1-4503-5257-4.
[the 12th International Conference on Availability, Reliability and Security (ARES'17). Reggio Calabria (IT), 29.08.2017-01.09.2017]
Institucionální podpora: RVO:67985556
Klíčová slova: HTTPS data * Malware detection * Supervised learning
Obor OECD: Robotics and automatic control
http://library.utia.cas.cz/separaty/2019/RO/somol-0507114.pdf

One of the current challenges in network intrusion detection research is the malware communicating over HTTPS protocol. Usually the task is to detect infected end-nodes with this type of malware by monitoring network traffc. The challenge lies in a very limited number of weak features that can be extracted from the network traffc capture of encrypted HTTP communication. This paper suggests a novel fingerprinting method that addresses this
problem by building a higher-level end-node representation on top of the weak features. Conducted large-scale experiments on real network data show superior performance of the proposed method over the state-of-the-art solution in terms of both a lower number of produced false alarms (precision) and a higher number of detected infections (recall).
Trvalý link: http://hdl.handle.net/11104/0298533