Experimental evaluation of malware family classification methods from sequential information of TLS-encrypted traffic
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Ha, J. | - |
dc.contributor.author | Roh, H. | - |
dc.date.accessioned | 2022-02-15T02:42:21Z | - |
dc.date.available | 2022-02-15T02:42:21Z | - |
dc.date.created | 2022-02-09 | - |
dc.date.issued | 2021-12 | - |
dc.identifier.issn | 2079-9292 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/135813 | - |
dc.description.abstract | In parallel with the rapid adoption of transport layer security (TLS), malware has utilized the encrypted communication channel provided by TLS to hinder detection from network traffic. To this end, recent research efforts are directed toward malware detection and malware family classification for TLS-encrypted traffic. However, amongst their feature sets, the proposals to utilize the sequential information of each TLS session have not been properly evaluated, especially in the context of malware family classification. In this context, we propose a systematic framework to evaluate the state-of-the-art malware family classification methods for TLS-encrypted traffic in a controlled environment and discuss the advantages and limitations of the methods comprehensively. In particular, our experimental results for the 10 representations and classifier combinations show that the graph-based representation for the sequential information achieves better performance regardless of the evaluated classification algorithms. With our framework and findings, researchers can design better machine learning based classifiers. © 2021 by the authors. Licensee MDPI, Basel, Switzerland. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | MDPI | - |
dc.title | Experimental evaluation of malware family classification methods from sequential information of TLS-encrypted traffic | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Roh, H. | - |
dc.identifier.doi | 10.3390/electronics10243180 | - |
dc.identifier.scopusid | 2-s2.0-85121383867 | - |
dc.identifier.wosid | 000742446500001 | - |
dc.identifier.bibliographicCitation | Electronics (Switzerland), v.10, no.24 | - |
dc.relation.isPartOf | Electronics (Switzerland) | - |
dc.citation.title | Electronics (Switzerland) | - |
dc.citation.volume | 10 | - |
dc.citation.number | 24 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalResearchArea | Physics | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
dc.relation.journalWebOfScienceCategory | Physics, Applied | - |
dc.subject.keywordPlus | NETWORK | - |
dc.subject.keywordPlus | IDENTIFICATION | - |
dc.subject.keywordAuthor | Encrypted traffic | - |
dc.subject.keywordAuthor | Malware detection | - |
dc.subject.keywordAuthor | Malware family classification | - |
dc.subject.keywordAuthor | Transport layer security | - |