Malicious SSL Certificate Detection: A Step Towards Advanced Persistent Threat Defence

The result's identifiers

  • Result code in IS VaVaI

    RIV/00216224:14330/17:00096897 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F17%3A00096897)

  • Result on the web

    https://dl.acm.org/citation.cfm?id=3102331&CFID=996318447&CFTOKEN=91066867

  • DOI - Digital Object Identifier

    10.1145/3102304.3102331 (http://dx.doi.org/10.1145/3102304.3102331)

Alternative languages

  • Result language

    English

  • Original language name

    Malicious SSL Certificate Detection: A Step Towards Advanced Persistent Threat Defence

  • Original language description

    Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multistep attack. Within the APT life cycle, continuous communication between infected hosts and Command and Control (C&C) servers is maintained to instruct and guide the compromised machines. These communications are usually protected by Secure Sockets Layer (SSL) encryption, making it difficult to identify if the traffic directed to sites is malicious. This paper presents a Malicious SSL certificate Detection (MSSLD) module, which aims at detecting the APT C&C communications based on a blacklist of malicious SSL certificates. This blacklist consists of two forms of SSL certificates, the SHA1 fingerprints and the serial & subject, that are associated with malware and malicious activities. In this detection module, the network traffic is processed and all secure connections are filtered. The SSL certificate of each secure connection is then matched with the SSL certificate blacklist. This module was experimentally evaluated and the results show successful detection of malicious SSL certificates.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

  • Continuities

    S - Specific research at universities

Others

  • Publication year

    2017

  • Confidentiality

    S - Complete and truthful data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    Proceedings of International Conference on Future Networks and Distributed Systems

  • ISBN

    9781450348447

  • ISSN

  • e-ISSN

  • Number of pages

    6

  • Pages from-to

    1-6

  • Publisher name

    ACM Digital Library

  • Place of publication

    Cambridge, United Kingdom

  • Event location

    Cambridge, United Kingdom

  • Event date

    Jul 19, 2017

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article

    000434833900034