Learning communication patterns for malware discovery in HTTPs data

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216208%3A11320%2F18%3A10374342" target="_blank" >RIV/00216208:11320/18:10374342 - isvavai.cz</a>

Nalezeny alternativní kódy

RIV/68407700:21230/18:00321114

Výsledek na webu

<a href="https://doi.org/10.1016/j.eswa.2018.02.010" target="_blank" >https://doi.org/10.1016/j.eswa.2018.02.010</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1016/j.eswa.2018.02.010" target="_blank" >10.1016/j.eswa.2018.02.010</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Learning communication patterns for malware discovery in HTTPs data

Popis výsledku v původním jazyce

Encrypted communication on the Internet using the HTTPs protocol represents a challenging task for network intrusion detection systems. While it significantly helps to preserve users&apos; privacy, it also limits a detection system&apos;s ability to understand the traffic and effectively identify malicious activities. In this work, we propose a method for modeling and representation of encrypted communication from logs of web communication. The idea is based on introducing communication snapshots of individual users&apos; activity that model contextual information of the encrypted requests. This helps to compensate the information hidden by the encryption. We then propose statistical descriptors of the communication snapshots that can be consumed by various machine learning algorithms for either supervised or unsupervised analysis of the data. In the experimental evaluation, we show that the presented approach can be used even on a large corpus of network traffic logs as the process of creation of the descriptors can be effectively implemented on a Hadoop cluster.

Název v anglickém jazyce

Learning communication patterns for malware discovery in HTTPs data

Popis výsledku anglicky

Encrypted communication on the Internet using the HTTPs protocol represents a challenging task for network intrusion detection systems. While it significantly helps to preserve users&apos; privacy, it also limits a detection system&apos;s ability to understand the traffic and effectively identify malicious activities. In this work, we propose a method for modeling and representation of encrypted communication from logs of web communication. The idea is based on introducing communication snapshots of individual users&apos; activity that model contextual information of the encrypted requests. This helps to compensate the information hidden by the encryption. We then propose statistical descriptors of the communication snapshots that can be consumed by various machine learning algorithms for either supervised or unsupervised analysis of the data. In the experimental evaluation, we show that the presented approach can be used even on a large corpus of network traffic logs as the process of creation of the descriptors can be effectively implemented on a Hadoop cluster.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/GA15-08916S" target="_blank" >GA15-08916S: Efektivní identifikace podgrafů při analýze webových grafů velikosti petabajtů</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2018

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Expert Systems with Applications

ISSN

0957-4174

e-ISSN

—

Svazek periodika

2018

Číslo periodika v rámci svazku

101

Stát vydavatele periodika

US - Spojené státy americké

Počet stran výsledku

14

Strana od-do

129-142

Kód UT WoS článku

000428498300009

EID výsledku v databázi Scopus

2-s2.0-85042216186