Poster abstract: Encrypted malware traffic detection using incremental learning

Insup Lee, Heejun Roh, Wonjun Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Although the growing adoption of the TLS protocol lets web traffic protect user privacy, attackers also use TLS to evade detection, which makes detecting threats in encrypted traffic a crucial task. In this paper, we propose an effective encrypted malware traffic detection method that maintains a sufficient performance level through periodic model updates using machine learning. The proposed method employs incremental algorithms trained on 31 flow features extracted from TLS, HTTP, and DNS. Experimental results show that, of the three algorithms evaluated, the incremental Support Vector Machine trained with Stochastic Gradient Descent is the most suitable for the detection method, achieving the best off-line and on-line accuracy at a low false discovery rate.

Original language: English
Title of host publication: IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1348-1349
Number of pages: 2
ISBN (Electronic): 9781728186955
DOIs
Publication status: Published - 2020 Jul
Event: 2020 IEEE INFOCOM Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020 - Toronto, Canada
Duration: 2020 Jul 6 to 2020 Jul 9

Publication series

Name: IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020

Conference

Conference: 2020 IEEE INFOCOM Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020
Country: Canada
City: Toronto
Period: 20/7/6 to 20/7/9

Keywords

  • Encrypted Malware Detection
  • Incremental Learning
  • Machine Learning
  • Transport Layer Security

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
