Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/ojroques/tls-malware-detection

The report of a supervised classifier to detect malware in TLS traffic

classifier malware-detection msc-project msc-thesis tls

Last synced: 26 days ago
README

# Detection of Malware in TLS Traffic

My MSc project for the [MSc in Computing (Security and Reliability)](http://www.imperial.ac.uk/computing/prospective-students/courses/pg/msc-specialist-degrees/sr/) of Imperial College London was on the detection of malware in TLS traffic. It was supported by [Lastline](https://www.lastline.com), a security company based in the US. My supervisors were [Sergio Maffeis](https://www.doc.ic.ac.uk/~maffeis/) (Imperial College) and [Marco Cova](http://marcocova.net/) (Lastline).

This repository contains the report and the presentation of the project. Unfortunately, the source files of the classifier are not available, but the malware dataset is: [**link to the malware dataset**](https://drive.google.com/drive/folders/1TfRz6q65wPaiuB4D9qmyfCxoJ8zEBUQY)

## Abstract
The use of encryption on the Internet has spread rapidly in recent years, a trend encouraged by growing concerns about online privacy. TLS (*Transport Layer Security*), the standard protocol for packet encryption, is now implemented by every major website to protect users' messages, transactions and credentials. However, cybercriminals have started to incorporate TLS into their activities. A growing amount of malware leverages TLS encryption to hide its communications and to exfiltrate data to its command server, effectively bypassing traditional detection platforms.

The goal of this project is to design and implement an effective alternative to the impractical method of decrypting TLS packet payloads before looking for signs of malware activity. This work presents a highly accurate supervised classifier that can detect malicious TLS flows in a company's network traffic based on a set of features related to TLS, certificates and flow metadata. The classifier was trained on curated datasets of benign and malware observations, which were extracted from capture files using a set of tools developed specifically for this purpose.