In recent years, there has been a dramatic increase in the number of malware attacks that use encrypted HTTP traffic for self-propagation and communication. Because of the volume of legitimate encrypted data, encrypted malicious traffic resembles benign traffic, which poses a challenge for antivirus software and firewalls. Since antivirus software and firewalls will not typically have access to encryption keys, detection techniques are needed that do not require decrypting the traffic. In this research, we apply a variety of machine learning techniques to the problem of distinguishing malicious encrypted HTTP traffic from benign encrypted traffic.
Shekhawat, Anish Singh, "Analysis of Encrypted Malicious Traffic" (2018). Master's Projects. 622.
Available for download on Saturday, June 01, 2019