
Experimental evaluation of malware family classification methods from sequential information of TLS-encrypted traffic

Authors
Ha, J.; Roh, H.
Issue Date
Dec-2021
Publisher
MDPI
Keywords
Encrypted traffic; Malware detection; Malware family classification; Transport layer security
Citation
Electronics (Switzerland), v.10, no.24
Indexed
SCIE
SCOPUS
Journal Title
Electronics (Switzerland)
Volume
10
Number
24
URI
https://scholar.korea.ac.kr/handle/2021.sw.korea/135813
DOI
10.3390/electronics10243180
ISSN
2079-9292
Abstract
In parallel with the rapid adoption of transport layer security (TLS), malware has utilized the encrypted communication channel provided by TLS to hinder detection from network traffic. To this end, recent research efforts are directed toward malware detection and malware family classification for TLS-encrypted traffic. However, amongst their feature sets, the proposals to utilize the sequential information of each TLS session have not been properly evaluated, especially in the context of malware family classification. In this context, we propose a systematic framework to evaluate the state-of-the-art malware family classification methods for TLS-encrypted traffic in a controlled environment and discuss the advantages and limitations of the methods comprehensively. In particular, our experimental results for the 10 representations and classifier combinations show that the graph-based representation for the sequential information achieves better performance regardless of the evaluated classification algorithms. With our framework and findings, researchers can design better machine learning based classifiers. © 2021 by the authors. Licensee MDPI, Basel, Switzerland.
Files in This Item
There are no files associated with this item.
Appears in Collections
Graduate School > Department of Cyber Security > 1. Journal Articles

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
