Publication details

Conference Paper (international conference)

End-node Fingerprinting for Malware Detection on HTTPS Data

Komárek T., Somol Petr

: Proceedings of the 12th International Conference on Availability, Reliability and Security (ARES'17), p. 1-7

: the 12th International Conference on Availability, Reliability and Security (ARES'17), (Reggio Calabria, IT, 20170829)

: HTTPS data, Malware detection, Supervised learning

: 10.1145/3098954.3107007

: http://library.utia.cas.cz/separaty/2019/RO/somol-0507114.pdf

(eng): One of the current challenges in network intrusion detection research is the malware communicating over HTTPS protocol. Usually the task is to detect infected end-nodes with this type of malware by monitoring network traffic. The challenge lies in a very limited number of weak features that can be extracted from the network traffic capture of encrypted HTTP communication. This paper suggests a novel fingerprinting method that addresses this problem by building a higher-level end-node representation on top of the weak features. Conducted large-scale experiments on real network data show superior performance of the proposed method over the state-of-the-art solution in terms of both a lower number of produced false alarms (precision) and a higher number of detected infections (recall).

: BC

: 20204