Detecting Malware Even When It Is Encrypted

Offered By: BruCON Security Conference via YouTube

Course Description

Overview

Explore techniques for detecting malware in encrypted HTTPS traffic without decrypting it, presented in this talk from the BruCON Security Conference. Delve into a machine learning approach that uses Bro IDS logs to analyze network behavior and identify malicious connections. Learn about the 30 features extracted from flow data, SSL handshakes, and X.509 certificates, and how they are combined into a detection model. Discover why aggregating connections by their 4-tuple is important for summarizing how malware behaves when it contacts command-and-control (C&C) servers. Gain insights into the dataset used for training, including malware samples from CTU-13 and the Stratosphere Malware Capture Facility Project. Understand the challenges and benefits of this privacy-respecting method, which preserves the original intent of HTTPS while still providing effective malware detection.

Syllabus

Brucon 0x09 - Detecting malware even when it is encrypted - František Střasák
Taught by

BruCON Security Conference