Poster: Feasibility of Malware Traffic Analysis through TLS-Encrypted Flow Visualization

Dongeon Kim, Jihun Han, Jinwoo Lee, Heejun Roh, Wonjun Lee

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    11 Citations (Scopus)

    Abstract

    With the wide adoption of TLS, malware's use of TLS is also growing fast. However, fine-grained feature selection in existing approaches is too burdensome. To this end, we propose to visualize TLS-encrypted flow metadata as an image for better malware traffic analysis and classification. We discuss its feasibility and show some preliminary classification results with high accuracy.

    Original language: English
    Title of host publication: 28th IEEE International Conference on Network Protocols, ICNP 2020
    Publisher: IEEE Computer Society
    ISBN (Electronic): 9781728169927
    Publication status: Published - 2020 Oct 13
    Event: 28th IEEE International Conference on Network Protocols, ICNP 2020 - Madrid, Spain
    Duration: 2020 Oct 13 to 2020 Oct 16

    Publication series

    Name: Proceedings - International Conference on Network Protocols, ICNP
    Volume: 2020-October
    ISSN (Print): 1092-1648

    Conference

    Conference: 28th IEEE International Conference on Network Protocols, ICNP 2020
    Country/Territory: Spain
    City: Madrid
    Period: 20/10/13 to 20/10/16

    Bibliographical note

    Funding Information:
    ACKNOWLEDGMENT This research was supported by Korea Institute of Science and Technology Information (KISTI). Prof. Heejun Roh is the corresponding author.

    Publisher Copyright:
    © 2020 IEEE.

    Keywords

    • Mal-ware
    • Malware Family
    • TLS Flow Metadata
    • Transport Layer Security (TLS)
    • Visualization

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Software
