A survey on tls-encrypted malware network traffic analysis applicable to security operations centers
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Oh, C. | - |
dc.contributor.author | Ha, J. | - |
dc.contributor.author | Roh, H. | - |
dc.date.accessioned | 2022-02-23T01:40:26Z | - |
dc.date.available | 2022-02-23T01:40:26Z | - |
dc.date.created | 2022-02-11 | - |
dc.date.issued | 2022-01 | - |
dc.identifier.issn | 2076-3417 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/136564 | - |
dc.description.abstract | Recently, a majority of security operations centers (SOCs) have been facing a critical issue of increased adoption of transport layer security (TLS) encryption on the Internet, in network traffic analysis (NTA). To this end, in this survey article, we present existing research on NTA and related areas, primarily focusing on TLS-encrypted traffic to detect and classify malicious traffic with deployment scenarios for SOCs. Security experts in SOCs and researchers in academia can obtain useful information from our survey, as the main focus of our survey is NTA methods applicable to malware detection and family classification. Especially, we have discussed pros and cons of three main deployment models for encrypted NTA: TLS interception, inspection using cryptographic functions, and passive inspection without decryption. In addition, we have discussed the state-of-the-art methods in TLS-encrypted NTA for each component of a machine learning pipeline, typically used in the state-of-the-art methods. © 2021 by the authors. Licensee MDPI, Basel, Switzerland. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | MDPI | - |
dc.title | A survey on tls-encrypted malware network traffic analysis applicable to security operations centers | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Roh, H. | - |
dc.identifier.doi | 10.3390/app12010155 | - |
dc.identifier.scopusid | 2-s2.0-85121682256 | - |
dc.identifier.wosid | 000752633600001 | - |
dc.identifier.bibliographicCitation | Applied Sciences (Switzerland), v.12, no.1 | - |
dc.relation.isPartOf | Applied Sciences (Switzerland) | - |
dc.citation.title | Applied Sciences (Switzerland) | - |
dc.citation.volume | 12 | - |
dc.citation.number | 1 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Chemistry | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalResearchArea | Materials Science | - |
dc.relation.journalResearchArea | Physics | - |
dc.relation.journalWebOfScienceCategory | Chemistry, Multidisciplinary | - |
dc.relation.journalWebOfScienceCategory | Engineering, Multidisciplinary | - |
dc.relation.journalWebOfScienceCategory | Materials Science, Multidisciplinary | - |
dc.relation.journalWebOfScienceCategory | Physics, Applied | - |
dc.subject.keywordAuthor | Malware | - |
dc.subject.keywordAuthor | Network traffic analysis | - |
dc.subject.keywordAuthor | Security operations center | - |
dc.subject.keywordAuthor | Traffic classification | - |
dc.subject.keywordAuthor | Transport layer security | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
(02841) 서울특별시 성북구 안암로 14502-3290-1114
COPYRIGHT © 2021 Korea University. All Rights Reserved.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.