Detecting Malware Even When It Is Encrypted
Offered By: BruCON Security Conference via YouTube
Course Description
Overview
Explore advanced techniques for detecting malware in encrypted HTTPS traffic without decryption in this conference talk from BruCON Security Conference. Delve into a machine learning approach that utilizes Bro IDS logs to analyze network behavior and identify malicious connections. Learn about the 30 different features extracted from flow data, SSL handshakes, and X.509 certificates, and how they are used to create a powerful detection model. Discover the importance of connection 4-tuple aggregation in summarizing malware behavior when connecting to C&C servers. Gain insights into the extensive dataset used for training, including malware samples from CTU-13 and the Stratosphere Malware Capture Facility Project. Understand the challenges and benefits of this privacy-respecting method that maintains the original intent of HTTPS while providing effective malware detection.
Syllabus
Brucon 0x09 - Detecting malware even when it is encrypted - František Střasák
Taught by
BruCON Security Conference