Feature Analysis of Encrypted Malicious Traffic
- URL: http://arxiv.org/abs/2312.04596v1
- Date: Wed, 6 Dec 2023 12:04:28 GMT
- Title: Feature Analysis of Encrypted Malicious Traffic
- Authors: Anish Singh Shekhawat and Fabio Di Troia and Mark Stamp
- Abstract summary: In recent years there has been a dramatic increase in the number of malware attacks that use encrypted HTTP traffic for self-propagation or communication.
Antivirus software and firewalls typically will not have access to encryption keys, and therefore direct detection of encrypted data is unlikely to succeed.
Previous work has shown that traffic analysis can provide indications of malicious intent, even in cases where the underlying data remains encrypted.
- Score: 3.3148826359547514
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: In recent years there has been a dramatic increase in the number of malware
attacks that use encrypted HTTP traffic for self-propagation or communication.
Antivirus software and firewalls typically will not have access to encryption
keys, and therefore direct detection of malicious encrypted data is unlikely to
succeed. However, previous work has shown that traffic analysis can provide
indications of malicious intent, even in cases where the underlying data
remains encrypted. In this paper, we apply three machine learning techniques to
the problem of distinguishing malicious encrypted HTTP traffic from benign
encrypted traffic and obtain results comparable to previous work. We then
consider the problem of feature analysis in some detail. Previous work has
often relied on human expertise to determine the most useful and informative
features in this problem domain. We demonstrate that such feature-related
information can be obtained directly from machine learning models themselves.
We argue that such a machine learning based approach to feature analysis is
preferable, as it is more reliable, and we can, for example, uncover relatively
unintuitive interactions between features.
Related papers
- MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware.
We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph.
This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
arXiv Detail & Related papers (2024-09-29T07:22:47Z) - Understanding crypter-as-a-service in a popular underground marketplace [51.328567400947435]
Crypters are pieces of software whose main goal is to transform a target binary so it can avoid detection from Anti Viruses (AVs) applications.
The crypter-as-a-service model has gained popularity, in response to the increased sophistication of detection mechanisms.
This paper provides the first study on an online underground market dedicated to crypter-as-a-service.
arXiv Detail & Related papers (2024-05-20T08:35:39Z) - Towards Generalizable Data Protection With Transferable Unlearnable
Examples [50.628011208660645]
We present a novel, generalizable data protection method by generating transferable unlearnable examples.
To the best of our knowledge, this is the first solution that examines data privacy from the perspective of data distribution.
arXiv Detail & Related papers (2023-05-18T04:17:01Z) - Maybenot: A Framework for Traffic Analysis Defenses [1.6114012813668932]
We present Maybenot, a framework for traffic analysis defenses.
Maybenot is designed to be easy to use and integrate into existing end-to-end encrypted protocols.
arXiv Detail & Related papers (2023-04-19T08:59:34Z) - Feature Mining for Encrypted Malicious Traffic Detection with Deep
Learning and Other Machine Learning Algorithms [7.404682407709988]
The popularity of encryption mechanisms poses a great challenge to malicious traffic detection.
Traditional detection techniques cannot work without the decryption of encrypted traffic.
In this paper, we provide an in-depth analysis of traffic features and compare different state-of-the-art traffic feature creation approaches.
We propose a novel concept for encrypted traffic feature which is specifically designed for encrypted malicious traffic analysis.
arXiv Detail & Related papers (2023-04-07T15:25:36Z) - An Embarrassingly Simple Backdoor Attack on Self-supervised Learning [52.28670953101126]
Self-supervised learning (SSL) is capable of learning high-quality representations of complex data without relying on labels.
We study the inherent vulnerability of SSL to backdoor attacks.
arXiv Detail & Related papers (2022-10-13T20:39:21Z) - Instance Attack:An Explanation-based Vulnerability Analysis Framework
Against DNNs for Malware Detection [0.0]
We propose the notion of the instance-based attack.
Our scheme is interpretable and can work in a black-box environment.
Our method operates in black-box settings and the results can be validated with domain knowledge.
arXiv Detail & Related papers (2022-09-06T12:41:20Z) - An anomaly detection approach for backdoored neural networks: face
recognition as a case study [77.92020418343022]
We propose a novel backdoored network detection method based on the principle of anomaly detection.
We test our method on a novel dataset of backdoored networks and report detectability results with perfect scores.
arXiv Detail & Related papers (2022-08-22T12:14:13Z) - Machine Learning for Encrypted Malicious Traffic Detection: Approaches,
Datasets and Comparative Study [6.267890584151111]
In post-COVID-19 environment, malicious traffic encryption is growing rapidly.
We formulate a universal framework of machine learning based encrypted malicious traffic detection techniques.
We implement and compare 10 encrypted malicious traffic detection algorithms.
arXiv Detail & Related papers (2022-03-17T14:00:55Z) - Malware Traffic Classification: Evaluation of Algorithms and an
Automated Ground-truth Generation Pipeline [8.779666771357029]
We propose an automated packet data-labeling pipeline to generate ground-truth data.
We explore and test different kind of clustering approaches which make use of unique and diverse set of features extracted from this observable meta-data.
arXiv Detail & Related papers (2020-10-22T11:48:51Z) - Adversarial EXEmples: A Survey and Experimental Evaluation of Practical
Attacks on Machine Learning for Windows Malware Detection [67.53296659361598]
adversarial EXEmples can bypass machine learning-based detection by perturbing relatively few input bytes.
We develop a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks.
These attacks, named Full DOS, Extend and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section.
arXiv Detail & Related papers (2020-08-17T07:16:57Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.