Near-real-time Anomaly Detection in Encrypted Traffic using Machine Learning Techniques

Publisher: IEEE

Abstract:

In the last decade, the adoption of HTTPS for securing Internet communications increased by up to 90%. Threat actors adapted to this transition to HTTPS by writing more sophisticated malware that encrypts its communications with command-and-control servers. On the other hand, network security appliances are limited by the impossibility of inspecting packet payloads for deeper investigation. In this paper, we propose a cybersecurity analytics that monitors encrypted network flows and extracts features to detect possible ongoing attacks and anomalies, by combining machine learning with a statistical approach. The analytics is embedded in a network security monitoring platform, named aramis®, which provides cybersecurity analysts with a comprehensive overview of the monitored network and its traffic to support them in identifying potentially malicious activities taking place. The detection capabilities of the proposed analytics have been tested on both a benign and a malicious dataset. The latter was assembled by our security analysts and includes packet captures of samples and tools, respectively, developed and used by worldwide leading threat actors. Results show 96.6% accuracy on the malicious dataset, with a false positive rate approximately equal to 0.001% when the analytics monitors legitimate encrypted network traffic.
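
The abstract describes the general idea (flow-level features extracted from encrypted traffic without payload inspection, scored by a statistical model trained on benign traffic) but not the paper's actual feature set or model. The following is an added illustration, not code from the paper or from the aramis® platform: it extracts six metadata-only features from constructed flow records, fits a per-feature z-score baseline on benign flows, and flags a flow when any feature deviates more than a threshold from that baseline. The `Flow` fields, feature choices, threshold of 3.0 and all sample flows are assumptions made for this example.

```python
"""Metadata-only anomaly scoring for encrypted flows (added example, not the paper's code)."""
import math
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Flow:
    """Per-flow metadata that is observable without decrypting the payload (assumed schema)."""
    duration_s: float
    pkts_out: int
    pkts_in: int
    bytes_out: int
    bytes_in: int
    mean_iat_ms: float  # mean inter-arrival time between packets, in milliseconds


def extract_features(f: Flow) -> list:
    """Map a flow to a fixed-length numeric vector; logs and ratios keep the scales comparable."""
    total_pkts = f.pkts_out + f.pkts_in
    return [
        math.log1p(f.bytes_out),
        math.log1p(f.bytes_in),
        f.bytes_out / max(1, f.bytes_in),          # upload-to-download ratio
        f.pkts_out / max(1, total_pkts),           # share of packets sent by the client
        math.log1p(f.mean_iat_ms),                 # long, regular gaps hint at beaconing
        (f.bytes_out + f.bytes_in) / max(1e-3, f.duration_s),  # bytes per second
    ]


class ZScoreDetector:
    """Statistical baseline: a flow is anomalous if any feature is > threshold std-devs from benign."""

    def __init__(self, threshold: float = 3.0):
        self.threshold = threshold
        self.mu, self.sigma = [], []

    def fit(self, benign_flows):
        columns = list(zip(*(extract_features(f) for f in benign_flows)))
        self.mu = [mean(c) for c in columns]
        self.sigma = [pstdev(c) or 1e-6 for c in columns]  # guard against a constant feature

    def score(self, flow: Flow) -> float:
        x = extract_features(flow)
        return max(abs(v - m) / s for v, m, s in zip(x, self.mu, self.sigma))

    def is_anomalous(self, flow: Flow) -> bool:
        return self.score(flow) > self.threshold


def evaluate(det: ZScoreDetector, benign, malicious):
    """Return (detection rate on malicious flows, false positive rate on benign flows)."""
    tp = sum(det.is_anomalous(f) for f in malicious)
    fp = sum(det.is_anomalous(f) for f in benign)
    return tp / len(malicious), fp / len(benign)


# Constructed sample data: short, download-heavy browsing sessions as the benign baseline.
BENIGN_TRAIN = [
    Flow(3.2, 40, 60, 6000, 120000, 12.0),
    Flow(8.5, 90, 200, 15000, 600000, 20.0),
    Flow(1.1, 20, 30, 3000, 45000, 8.0),
    Flow(15.0, 150, 400, 25000, 1500000, 30.0),
    Flow(5.0, 60, 100, 9000, 250000, 15.0),
    Flow(2.4, 30, 50, 5000, 90000, 10.0),
    Flow(12.0, 120, 300, 20000, 900000, 25.0),
    Flow(0.8, 15, 20, 2500, 30000, 6.0),
]
BENIGN_TEST = [
    Flow(4.0, 50, 80, 7000, 180000, 14.0),
    Flow(10.0, 100, 250, 18000, 700000, 22.0),
]
# Constructed anomalies: two slow, periodic low-volume sessions and one upload-heavy session.
MALICIOUS = [
    Flow(3600.0, 120, 120, 12000, 6000, 30000.0),
    Flow(1800.0, 60, 60, 9000, 4000, 30000.0),
    Flow(60.0, 4000, 200, 5000000, 40000, 15.0),
]


def run_demo():
    det = ZScoreDetector(threshold=3.0)
    det.fit(BENIGN_TRAIN)
    return evaluate(det, BENIGN_TEST, MALICIOUS)


if __name__ == "__main__":
    rate, fpr = run_demo()
    print(f"detection rate={rate:.2f}  false positive rate={fpr:.4f}")
```

Two practical caveats apply when reading the result. A per-feature z-score is a deliberately simple stand-in for whatever statistical and ML combination the paper uses; it only captures deviations along single axes, so correlated-but-individually-normal flows pass. Second, a baseline built from eight flows cannot flag any of its own training flows at threshold 3 (with a population standard deviation, no point of n samples can exceed a z-score of sqrt(n-1)), so the false positive rate must always be measured on held-out benign traffic, as done here, and then re-checked as the monitored network's traffic mix drifts.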
Date of Conference: 05-07 December 2021
Date Added to IEEE Xplore: 24 January 2022
ISBN Information:
Conference Location: Orlando, FL, USA
