poster feasibility of malware traffic analysis through
play

Poster: Feasibility of Malware Traffic Analysis through - PowerPoint PPT Presentation

Jun 21, 2023 •763 likes •896 views

Poster: Feasibility of Malware Traffic Analysis through TLS-Encrypted Flow Visualization IEEE International Conference on Network Protocols 2020 October 13-16, 2020 Dongeon Kim, Jihun Han , Jinwoo Lee, Heejun Roh Korea University Sejong Campus,

  1. Poster: Feasibility of Malware Traffic Analysis through TLS-Encrypted Flow Visualization IEEE International Conference on Network Protocols 2020 October 13-16, 2020 Dongeon Kim, Jihun Han , Jinwoo Lee, Heejun Roh Korea University Sejong Campus, Sejong, Republic of Korea Wonjun Lee Korea University, Seoul, Republic of Korea 1

  2. IEEE ICNP 2020 Motivation Encrypted traffic across google Network using TLS encryption is increasing 95% of traffic across google is encrypted 80% of enterprise traffic on the Zscaler cloud in is encrypted https://transparencyreport.google.com/https/overview?hl=en 2

  3. IEEE ICNP 2020 Motivation Deep Packet Inspection Application Data IP TCP ? https://news.sophos.com/en-us/2020/02/18/nearly-a- quarter-of-malware-now-communicates-using-tls 3

  4. IEEE ICNP 2020 Motivation B. Anderson and D. McGrew, “ Identifying encrypted malware traffic with contextual flow data, ” in • Proc. of AISec ’ 16 (co-located with ACM CCS) , Vienna, Austria, October 2016. B. Anderson, S. Paul, and D. McGrew, “ Deciphering malware’s use of TLS (without decryption), ” • Journal of Computer Virology and Hacking Techniques , vol. 14, no. 3, pp. 195 – 211, August 2018. • Require fine-grained feature selection conducted by experts • Need to conduct field-specific preprocessing for message field values 4

  5. IEEE ICNP 2020 Our Proposal: TLS-Encrypted Flow Visualization Image Format of TLS-Encrypted Flow 5

  6. IEEE ICNP 2020 Our Proposal: TLS-Encrypted Flow Visualization • TLS flow metadata have fruitful information to classify encrypted malware traffic • Images can capture small changes yet retain the global message exchange pattern • Different messages of a flow can be easily observed as a colored image 6

  7. IEEE ICNP 2020 Images from Malware Families 7

  8. IEEE ICNP 2020 Feasibility of Malware Traffic Analysis via Images 8

  9. IEEE ICNP 2020 Experimental Results B. Duncan. Malware traffic analysis. [Online]. Available: http:/malware-traffic-analysis.net/ 9

  10. IEEE ICNP 2020 Experimental Results 97% Accuracy in Average 93% Accuracy in Average Resulting confusion matrices 10

  11. IEEE ICNP 2020 Conclusion • Malware using TLS will continue to increase in the future • There needs to be new method to detect malware using TLS • Both SVM and CNN had high accuracy, even though the images do not have similar patterns 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Anomaly Detection Algorithms for Malware Traffic Analysis using Tamper Resistant Features Dr.

Anomaly Detection Algorithms for Malware Traffic Analysis using Tamper Resistant Features Dr.

Anomaly Detection Algorithms for Malware Traffic Analysis using Tamper Resistant Features Dr. Patrick McDaniel Berkay Celik Fall 2015 Introduction Motivation Related Work Data Approach Experimental Results Comparison

391 views • 25 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

504 views • 27 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

398 views • 27 slides
using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

Website Fingerprinting using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis Wiki says What is Traffic Analysis Wiki says Process of intercepting and examining messages in order to deduce

1.15k views • 41 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Poster Presentations Poster No. 01-40: Poster session-1 (Monday, 09 October, 2017) Poster No.

Poster Presentations Poster No. 01-40: Poster session-1 (Monday, 09 October, 2017) Poster No.

IBAC 2017 Haridwar, India Poster Presentations Poster No. 01-40: Poster session-1 (Monday, 09 October, 2017) Poster No. 41-80: Poster session-2 (Tuesday, 10 October, 2017) P. Title of abstract Presenter Affiliation No Effect of traffic

643 views • 6 slides
Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware

119 views • 9 slides
A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND CONTAINMENT FOR LARGE NETWORKS CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS MALWARE WARS In the last

313 views • 14 slides
Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal and Wenke Lee College of Computing Georgia Institute of Technology Agenda l Background l Defeating Automated Malware Analysis Host

1.28k views • 28 slides
CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu February 22, 2018 Exploring the Online Ecosystem One nice aspect of malware analysis is that, since much of it originates online and

119 views • 10 slides
CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane kaneca@mail.uc.edu January 24, 2017 Why Classification is Important Malware classification helps us in multiple ways. Here are a couple key ways:

787 views • 16 slides
Technical feasibility of Segment Routing Traffic Engineering to steer traffic through VNFs

Technical feasibility of Segment Routing Traffic Engineering to steer traffic through VNFs

R. van der Gaag, M. Slotboom Technical feasibility of Segment Routing Traffic Engineering to steer traffic through VNFs Research Project 1 SURF is the collaborative ICT organisation for Dutch education and research. - Education institutions

462 views • 14 slides
MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me

MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me

MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me Malware RE @ Trusteer, IBM, Seculert binary analysis automation sandbox development Now in vEYE Security on software container

591 views • 48 slides
How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement Yoshihiro Oyama University of Tsukuba 1 Background Many malware programs execute operations for analysis evasion Detection of

346 views • 31 slides
Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Overview Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer immunization Kjell Jrgen Hole Simula@UiB 4. Epidemiological model 5. Malware halting analysis 6. Malware halting method Last updated

672 views • 29 slides
Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev

Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev

Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev Stuxnet (2009) Organization Core a large .dll file 2 encrypted configuration files Dropper component Core in a stub section

703 views • 43 slides
Reproducibility in the Cloud Rawaa Qasha, Jacek Caa, Paul Watson Newcastle University, Newcastle

Reproducibility in the Cloud Rawaa Qasha, Jacek Caa, Paul Watson Newcastle University, Newcastle

A Framework for Scientific Workflow Reproducibility in the Cloud Rawaa Qasha, Jacek Caa, Paul Watson Newcastle University, Newcastle upon Tyne, UK Email: {r.qasha, jacek.cala, paul.watson}@newcastle.ac.uk In this paper A new framework for

678 views • 19 slides
Roommate Project Description Capture We streamline posting open rooms Post near universities

Roommate Project Description Capture We streamline posting open rooms Post near universities

Project Roommate Project Description Capture We streamline posting open rooms Post near universities Connect Challenges iOS development Image capture, Storage, and Retrieving Continuous scrolling and loading of images

652 views • 3 slides
Image Capture On Embedded Linux Systems Jacopo Mondi FOSDEM 2018 Jacopo Mondi - FOSDEM 2018

Image Capture On Embedded Linux Systems Jacopo Mondi FOSDEM 2018 Jacopo Mondi - FOSDEM 2018

Image Capture On Embedded Linux Systems Jacopo Mondi FOSDEM 2018 Jacopo Mondi - FOSDEM 2018 Image Capture On Embedded Linux Systems (1/ 63) Who am I Hello, Im Jacopo jacopo@jmondi.org irc: jmondi freenode.net Linux kernel and embedded

1k views • 64 slides
QuickTim e Stream ing Server Darw in Stream ing Server 9/ 29/ 2004 Page 1 / 15 Media

QuickTim e Stream ing Server Darw in Stream ing Server 9/ 29/ 2004 Page 1 / 15 Media

QuickTim e Stream ing Server Darw in Stream ing Server 9/ 29/ 2004 Page 1 / 15 Media Streaming Class 2004 QuickTim e Suite Darw in is the core of Mac OS X. DSS is the free, open source version of QuickTim e Stream ing Server

385 views • 12 slides
Why p -methods in Signal Limitations of . . . and Image Processing: Remaining Problem Let

Why p -methods in Signal Limitations of . . . and Image Processing: Remaining Problem Let

Need for Deblurring In General, Signal and . . . Need for Regularization Tikhonov Regularization Why p -methods in Signal Limitations of . . . and Image Processing: Remaining Problem Let us Apply Fuzzy . . . A Fuzzy-Based Explanation

809 views • 16 slides
14.9.2 JPEG2000 compression DCT compression basis for JPEG wavelet compression

14.9.2 JPEG2000 compression DCT compression basis for JPEG wavelet compression

14.9 JPEG and MPEG image compression 31 14.9.2 JPEG2000 compression DCT compression basis for JPEG wavelet compression basis for JPEG2000 JPEG2000 new international standard for still image compression

492 views • 12 slides
CS475 / CS675 Lecture 20: July 7, 2016 Bidiagonalization SVD Image Compression Reading: [TB]

CS475 / CS675 Lecture 20: July 7, 2016 Bidiagonalization SVD Image Compression Reading: [TB]

CS475 / CS675 Lecture 20: July 7, 2016 Bidiagonalization SVD Image Compression Reading: [TB] Chapter 31 CS475/CS675 (c) 2016 P. Poupart & J. Wan 1 Alternative SVD Technique Assume is square, i.e., Consider the symmetric matrix:

556 views • 13 slides
High Quality Image Compression Using PDE-Based Inpainting with Optimal Data Laurent Hoeltgen

High Quality Image Compression Using PDE-Based Inpainting with Optimal Data Laurent Hoeltgen

2016 SIAM Conference on Imaging Science Albuquerque, May 23 May 26 High Quality Image Compression Using PDE-Based Inpainting with Optimal Data Laurent Hoeltgen hoeltgen@b-tu.de Chair for Applied Mathematics Brandenburg Technical

675 views • 65 slides

More recommend