DOI: 10.1145/3628797.3628874

A Machine Learning-Based Framework for Detecting Malicious HTTPS Traffic

Published: 07 December 2023

Abstract

Malicious traffic detection plays an essential role for network operators in preventing attackers from manipulating network systems. In the past, many Network Intrusion Detection Systems (e.g., Snort) were designed to inspect packets against pre-defined rules in order to identify malicious traffic. Despite performing well on unencrypted traffic, these systems are now largely ineffective because of encrypted traffic (e.g., HTTPS, QUIC) and the complex network behaviour of compromised computers. Therefore, many studies focus on malicious traffic detection mechanisms based on Machine Learning (ML), which analyse flow-based features with ML algorithms to detect the traffic generated by malware. There are two main kinds of features for malicious traffic detection: protocol-agnostic features and TLS/SSL features. Using all of these features results in high time complexity and degraded performance, so it cannot meet the real-time requirement of an Intrusion Detection System. Therefore, in this paper, we take different kinds of flow-based features into account and apply feature selection to choose an appropriate feature set that improves both detection accuracy and execution time for malicious traffic detection. The proposed framework is evaluated on several datasets: CTU-13, MCFP, and CIC-AndMal201. The experimental results show that the framework achieves an accuracy of 99 percent in the considered scenarios.
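The pipeline the abstract describes (protocol-agnostic flow features plus TLS features, a feature-selection step, then a classifier) in working form, as an added example that is not the paper's code. The flow records are constructed for the example, the Fisher-score filter and nearest-centroid classifier are dependency-free stand-ins rather than the selection method or ML algorithm the paper uses, and the feature names are assumptions. It goes slightly beyond the abstract by including two held-out flows that a single TLS indicator would misclassify (a benign server with a self-signed certificate, a beacon that does send an SNI), to show why the combined feature set matters.

```python
"""Flow-based malicious TLS traffic detection with feature selection.

Added example (stdlib only). The flow records are CONSTRUCTED, not real
captures; the Fisher-score filter and nearest-centroid classifier stand in
for whatever selection method and ML model a real framework uses.
"""
import math
from statistics import mean, pvariance


def flow(duration, ob, rb, op, rp, ver, ciphers, sni, selfsig, days, label):
    """One TLS flow: conn.log-style counters plus passively observable TLS
    metadata (ClientHello version / cipher count / SNI, certificate facts).
    label: 0 = benign, 1 = malicious. Field names are assumptions."""
    return dict(duration=duration, orig_bytes=ob, resp_bytes=rb, orig_pkts=op,
                resp_pkts=rp, tls_version=ver, cipher_count=ciphers,
                has_sni=sni, self_signed=selfsig, cert_days=days, label=label)


TRAIN = [  # constructed training flows
    # benign browsing: big responses, long cipher list, SNI, CA-issued certs
    flow(1.2, 1800, 52000, 20, 48, 0x0303, 17, 1, 0, 398, 0),
    flow(4.5, 2600, 210000, 40, 170, 0x0303, 18, 1, 0, 365, 0),
    flow(0.8, 1500, 32000, 15, 30, 0x0303, 16, 1, 0, 90, 0),
    flow(2.1, 2200, 96000, 28, 85, 0x0303, 17, 1, 0, 398, 0),
    # C2 beacons: tiny symmetric flows, few ciphers, no SNI, self-signed cert
    flow(0.3, 700, 900, 8, 7, 0x0303, 5, 0, 1, 3650, 1),
    flow(0.4, 720, 880, 8, 7, 0x0301, 4, 0, 1, 3650, 1),
    flow(0.3, 690, 950, 8, 8, 0x0303, 6, 0, 1, 1825, 1),
    flow(0.5, 1400, 1100, 12, 9, 0x0301, 5, 0, 1, 3650, 1),
]
TEST = [  # constructed held-out flows, two of them deliberately ambiguous
    flow(1.6, 2000, 70000, 24, 60, 0x0303, 17, 1, 0, 365, 0),    # ordinary benign
    flow(0.3, 710, 920, 8, 7, 0x0303, 5, 0, 1, 3650, 1),         # ordinary beacon
    flow(3.0, 2400, 150000, 35, 120, 0x0303, 17, 1, 1, 365, 0),  # benign dev server, self-signed
    flow(0.4, 750, 1000, 9, 8, 0x0303, 5, 1, 1, 3650, 1),        # beacon that does send an SNI
]


def flow_features(f):
    """Protocol-agnostic features (valid for any TCP flow) plus TLS features."""
    pkts = f["orig_pkts"] + f["resp_pkts"]
    return {
        "duration": f["duration"],
        "orig_bytes": f["orig_bytes"],
        "resp_bytes": f["resp_bytes"],
        "bytes_per_pkt": (f["orig_bytes"] + f["resp_bytes"]) / pkts,
        "resp_orig_ratio": f["resp_bytes"] / max(f["orig_bytes"], 1),
        "tls_version": f["tls_version"],
        "cipher_count": f["cipher_count"],
        "has_sni": f["has_sni"],
        "self_signed": f["self_signed"],
        "cert_days": f["cert_days"],
    }


def fisher_scores(feats, labels):
    """Filter criterion: between-class separation over within-class spread."""
    scores = {}
    for name in feats[0]:
        pos = [x[name] for x, y in zip(feats, labels) if y == 1]
        neg = [x[name] for x, y in zip(feats, labels) if y == 0]
        scores[name] = (mean(pos) - mean(neg)) ** 2 / (pvariance(pos) + pvariance(neg) + 1e-9)
    return scores


def select_features(feats, labels, k):
    s = fisher_scores(feats, labels)
    return sorted(s, key=s.get, reverse=True)[:k]


class NearestCentroid:
    """Minimal classifier on z-scored selected features."""
    def fit(self, feats, labels, names):
        self.names = names
        self.mu = {n: mean([x[n] for x in feats]) for n in names}
        self.sd = {n: math.sqrt(pvariance([x[n] for x in feats])) or 1.0 for n in names}
        self.centroids = {}
        for c in (0, 1):
            rows = [self._z(x) for x, y in zip(feats, labels) if y == c]
            self.centroids[c] = [mean(col) for col in zip(*rows)]
        return self

    def _z(self, x):
        return [(x[n] - self.mu[n]) / self.sd[n] for n in self.names]

    def predict(self, x):
        z = self._z(x)
        dist = {c: sum((a - b) ** 2 for a, b in zip(z, cen)) for c, cen in self.centroids.items()}
        return min(dist, key=dist.get)


def run_pipeline(train=TRAIN, test=TEST, k=4):
    """Select k features on the TRAINING split only (selecting on all data
    leaks test labels into the model), fit, then score the held-out split."""
    xtr, ytr = [flow_features(f) for f in train], [f["label"] for f in train]
    selected = select_features(xtr, ytr, k)
    clf = NearestCentroid().fit(xtr, ytr, selected)
    preds = [clf.predict(flow_features(f)) for f in test]
    acc = sum(p == f["label"] for p, f in zip(preds, test)) / len(test)
    return selected, preds, acc


if __name__ == "__main__":
    print(run_pipeline())
```

On this constructed data the filter keeps has_sni, self_signed, cipher_count and bytes_per_pkt and drops the six others, and the classifier still labels the self-signed benign server and the SNI-sending beacon correctly because the retained protocol-agnostic feature carries the decision when one TLS indicator is misleading. Two caveats carry over to any real deployment: fit the selection on the training split only, and re-validate the chosen set when the malware corpus changes, since TLS fingerprints drift as malware authors adopt ordinary client libraries.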


Cited By

  • (2024) Malicious Traffic Detection in Multi-Environment Network Using Dual-Data Trained LightGBM Approach. 2024 IEEE 21st International Conference on Mobile Ad-Hoc and Smart Systems (MASS), 598-603. https://doi.org/10.1109/MASS62177.2024.00095 (online publication date: 23 Sep 2024)

    Published In

    cover image ACM Other conferences
    SOICT '23: Proceedings of the 12th International Symposium on Information and Communication Technology
    December 2023
    1058 pages
    ISBN:9798400708916
    DOI:10.1145/3628797
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. Encrypted Traffic
    2. HTTPS
    3. Intrusion Detection System
    4. Machine Learning
    5. Malware Detection

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    SOICT 2023

    Acceptance Rates

    Overall Acceptance Rate 147 of 318 submissions, 46%

    Article Metrics

    • Downloads (last 12 months): 87
    • Downloads (last 6 weeks): 10
    Reflects downloads up to 01 Mar 2025

