Experimental evaluation of malware family classification methods from sequential information of TLS-encrypted traffic
- Authors
- Ha, J.; Roh, H.
- Issue Date
- Dec-2021
- Publisher
- MDPI
- Keywords
- Encrypted traffic; Malware detection; Malware family classification; Transport layer security
- Citation
- Electronics (Switzerland), v.10, no.24
- Indexed
- SCIE; SCOPUS
- Journal Title
- Electronics (Switzerland)
- Volume
- 10
- Number
- 24
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/135813
- DOI
- 10.3390/electronics10243180
- ISSN
- 2079-9292
- Abstract
- In parallel with the rapid adoption of transport layer security (TLS), malware has used the encrypted channel that TLS provides to evade detection from network traffic. In response, recent research efforts have been directed toward malware detection and malware family classification for TLS-encrypted traffic. However, among the feature sets these works use, the proposals to exploit the sequential information of each TLS session have not been properly evaluated, especially in the context of malware family classification. We therefore propose a systematic framework that evaluates state-of-the-art malware family classification methods for TLS-encrypted traffic in a controlled environment, and we discuss the advantages and limitations of each method. In particular, our experimental results for ten representation/classifier combinations show that a graph-based representation of the sequential information performs better regardless of the classification algorithm evaluated. With this framework and these findings, researchers can design better machine-learning-based classifiers. © 2021 by the authors. Licensee MDPI, Basel, Switzerland.
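The abstract contrasts flat sequence features with a graph-based representation of a session's record sequence. The example below is an added illustration, not code from the paper, and its concrete construction is an assumption: a session is taken to be the ordered list of TLS records as (direction, record length) pairs, and the "graph" is a first-order Markov transition matrix over (direction, length-bucket) states, flattened into a fixed-size feature vector. The session data is constructed, and the length buckets are chosen for illustration only.

```python
"""Flat sequence features vs. a graph-based representation of one TLS session.

Added example (not the paper's code). Assumptions: a session is an ordered
list of (direction, record_length); the graph is a first-order Markov
transition matrix over (direction, length-bucket) states. The sample session
below is constructed by hand.
"""
from bisect import bisect_left
from typing import Iterable, List, Tuple

Record = Tuple[str, int]  # ("c" client->server | "s" server->client, length)

# Upper bounds of length buckets (assumption: chosen for illustration).
# <=64, <=256, <=1024, <=4096, <=16384, larger  -> 6 buckets
LENGTH_BOUNDS = (64, 256, 1024, 4096, 16384)
N_BUCKETS = len(LENGTH_BOUNDS) + 1
N_STATES = 2 * N_BUCKETS  # two directions x six buckets

# Constructed session: a handshake-like exchange followed by application data.
SAMPLE_SESSION: List[Record] = [
    ("c", 517), ("s", 1460), ("s", 1460), ("s", 1100),
    ("c", 126), ("c", 51), ("s", 51),
    ("c", 500), ("s", 1200), ("c", 500), ("s", 1200),
]


def state_index(direction: str, length: int) -> int:
    """Map one record to a node id: direction selects the half, bucket the offset."""
    if direction not in ("c", "s"):
        raise ValueError(f"unknown direction {direction!r}")
    bucket = bisect_left(LENGTH_BOUNDS, length)  # 64 -> 0, 65 -> 1, 16385 -> 5
    return (0 if direction == "c" else 1) * N_BUCKETS + bucket


def transition_graph(records: Iterable[Record]) -> List[List[float]]:
    """Row-normalised transition matrix between consecutive record states.

    Rows for states that never emit a transition stay all-zero, so the
    matrix has a fixed shape regardless of session length.
    """
    counts = [[0] * N_STATES for _ in range(N_STATES)]
    nodes = [state_index(d, n) for d, n in records]
    for src, dst in zip(nodes, nodes[1:]):
        counts[src][dst] += 1
    matrix = []
    for row in counts:
        total = sum(row)
        matrix.append([c / total if total else 0.0 for c in row])
    return matrix


def graph_features(records: Iterable[Record]) -> List[float]:
    """Flatten the transition matrix into an N_STATES*N_STATES feature vector."""
    return [p for row in transition_graph(records) for p in row]


def sequence_features(records: Iterable[Record], n: int = 8) -> List[int]:
    """Baseline flat representation: first n signed lengths, zero-padded.

    Server-to-client records are negated so direction survives flattening.
    """
    signed = [length if d == "c" else -length for d, length in records]
    signed = signed[:n]
    return signed + [0] * (n - len(signed))


if __name__ == "__main__":
    T = transition_graph(SAMPLE_SESSION)
    print("flat:", sequence_features(SAMPLE_SESSION))
    print("graph features:", len(graph_features(SAMPLE_SESSION)))
    for i, row in enumerate(T):
        nz = {j: round(p, 2) for j, p in enumerate(row) if p}
        if nz:
            print(f"state {i} ->", nz)
```

The transition matrix captures which record shapes follow which, independent of where in the session they occur, whereas the flat vector is tied to absolute position and is truncated or padded to a fixed length. Either vector can be fed to any classifier, which is what lets the two representations be compared under a common evaluation.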
- Files in This Item
- There are no files associated with this item.
- Appears in Collections
- Graduate School > Department of Cyber Security > 1. Journal Articles