Poster abstract: Encrypted malware traffic detection using incremental learning

Insup Lee; Heejun Roh; Wonjun Lee

doi:10.1109/INFOCOMWKSHPS50562.2020.9162971

Poster abstract: Encrypted malware traffic detection using incremental learning

Insup Lee, Heejun Roh, Wonjun Lee

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

Even though the growing adoption of TLS protocol empowers web traffic to secure privacy, attackers also leverage the TLS to evade from detection, and this makes detecting threats from the encrypted traffic a crucial task. In this paper, we propose an effective encrypted malware traffic detection method that maintains sufficient performance level by periodic updates using machine learning. The proposed method employs incremental algorithms trained by 31 flow features from TLS, HTTP, and DNS. Experimental results show that the incremental Support Vector Machine with Stochastic Gradient Descent algorithm is suitable for the detection method amongst three algorithms, by off-line and on-line accuracy at a low false discovery rate.

Original language	English
Title of host publication	IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1348-1349
Number of pages	2
ISBN (Electronic)	9781728186955
DOIs	https://doi.org/10.1109/INFOCOMWKSHPS50562.2020.9162971
Publication status	Published - 2020 Jul
Event	2020 IEEE INFOCOM Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020 - Toronto, Canada Duration: 2020 Jul 6 → 2020 Jul 9

Publication series

Name	IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020

Conference

Conference	2020 IEEE INFOCOM Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020
Country/Territory	Canada
City	Toronto
Period	20/7/6 → 20/7/9

Keywords

Encrypted Malware Detection
Incremental Learning
Machine Learning
Transport Layer Security

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Hardware and Architecture
Information Systems and Management
Safety, Risk, Reliability and Quality

Access to Document

10.1109/INFOCOMWKSHPS50562.2020.9162971

Cite this

Lee, I., Roh, H., & Lee, W. (2020). Poster abstract: Encrypted malware traffic detection using incremental learning. In IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020 (pp. 1348-1349). [9162971] (IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/INFOCOMWKSHPS50562.2020.9162971

Poster abstract : Encrypted malware traffic detection using incremental learning. / Lee, Insup; Roh, Heejun; Lee, Wonjun.

IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020. Institute of Electrical and Electronics Engineers Inc., 2020. p. 1348-1349 9162971 (IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, I, Roh, H & Lee, W 2020, Poster abstract: Encrypted malware traffic detection using incremental learning. in IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020., 9162971, IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020, Institute of Electrical and Electronics Engineers Inc., pp. 1348-1349, 2020 IEEE INFOCOM Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020, Toronto, Canada, 20/7/6. https://doi.org/10.1109/INFOCOMWKSHPS50562.2020.9162971

Lee I, Roh H, Lee W. Poster abstract: Encrypted malware traffic detection using incremental learning. In IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020. Institute of Electrical and Electronics Engineers Inc. 2020. p. 1348-1349. 9162971. (IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020). doi: 10.1109/INFOCOMWKSHPS50562.2020.9162971

Lee, Insup ; Roh, Heejun ; Lee, Wonjun. / Poster abstract : Encrypted malware traffic detection using incremental learning. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020. Institute of Electrical and Electronics Engineers Inc., 2020. pp. 1348-1349 (IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020).

@inproceedings{ec09301057e74d67871d6aad7c443205,

title = "Poster abstract: Encrypted malware traffic detection using incremental learning",

abstract = "Even though the growing adoption of TLS protocol empowers web traffic to secure privacy, attackers also leverage the TLS to evade from detection, and this makes detecting threats from the encrypted traffic a crucial task. In this paper, we propose an effective encrypted malware traffic detection method that maintains sufficient performance level by periodic updates using machine learning. The proposed method employs incremental algorithms trained by 31 flow features from TLS, HTTP, and DNS. Experimental results show that the incremental Support Vector Machine with Stochastic Gradient Descent algorithm is suitable for the detection method amongst three algorithms, by off-line and on-line accuracy at a low false discovery rate.",

keywords = "Encrypted Malware Detection, Incremental Learning, Machine Learning, Transport Layer Security",

author = "Insup Lee and Heejun Roh and Wonjun Lee",

note = "Funding Information: ACKNOWLEDGMENT This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2019R1A2C2088812). Wonjun Lee is the corresponding author. Publisher Copyright: {\textcopyright} 2020 IEEE.; 2020 IEEE INFOCOM Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020 ; Conference date: 06-07-2020 Through 09-07-2020",

year = "2020",

month = jul,

doi = "10.1109/INFOCOMWKSHPS50562.2020.9162971",

language = "English",

series = "IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1348--1349",

booktitle = "IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020",

}

TY - GEN

T1 - Poster abstract

T2 - 2020 IEEE INFOCOM Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020

AU - Lee, Insup

AU - Roh, Heejun

AU - Lee, Wonjun

N1 - Funding Information: ACKNOWLEDGMENT This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. 2019R1A2C2088812). Wonjun Lee is the corresponding author. Publisher Copyright: © 2020 IEEE.

PY - 2020/7

Y1 - 2020/7

N2 - Even though the growing adoption of TLS protocol empowers web traffic to secure privacy, attackers also leverage the TLS to evade from detection, and this makes detecting threats from the encrypted traffic a crucial task. In this paper, we propose an effective encrypted malware traffic detection method that maintains sufficient performance level by periodic updates using machine learning. The proposed method employs incremental algorithms trained by 31 flow features from TLS, HTTP, and DNS. Experimental results show that the incremental Support Vector Machine with Stochastic Gradient Descent algorithm is suitable for the detection method amongst three algorithms, by off-line and on-line accuracy at a low false discovery rate.

AB - Even though the growing adoption of TLS protocol empowers web traffic to secure privacy, attackers also leverage the TLS to evade from detection, and this makes detecting threats from the encrypted traffic a crucial task. In this paper, we propose an effective encrypted malware traffic detection method that maintains sufficient performance level by periodic updates using machine learning. The proposed method employs incremental algorithms trained by 31 flow features from TLS, HTTP, and DNS. Experimental results show that the incremental Support Vector Machine with Stochastic Gradient Descent algorithm is suitable for the detection method amongst three algorithms, by off-line and on-line accuracy at a low false discovery rate.

KW - Encrypted Malware Detection

KW - Incremental Learning

KW - Machine Learning

KW - Transport Layer Security

UR - http://www.scopus.com/inward/record.url?scp=85091532568&partnerID=8YFLogxK

U2 - 10.1109/INFOCOMWKSHPS50562.2020.9162971

DO - 10.1109/INFOCOMWKSHPS50562.2020.9162971

M3 - Conference contribution

AN - SCOPUS:85091532568

T3 - IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020

SP - 1348

EP - 1349

BT - IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 6 July 2020 through 9 July 2020

ER -

Poster abstract: Encrypted malware traffic detection using incremental learning

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this