Malware Detection by Analysing Encrypted Network Traffic with Neural Networks
Abstract
We study the problem of detecting malware on client computers based on the analysis of HTTPS traffic. Here, malware has to be detected based on the host address, timestamps, and data volume information of the computer’s network traffic. We develop a scalable protocol that allows us to collect network flows of known malicious and benign applications as training data and derive a malware-detection method based on a neural embedding of domain names and a long short-term memory network that processes network flows. We study the method’s ability to detect new malware in a large-scale empirical study.
Cite
Text
Prasse et al. "Malware Detection by Analysing Encrypted Network Traffic with Neural Networks." European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases, 2017. doi:10.1007/978-3-319-71246-8_5
Markdown
[Prasse et al. "Malware Detection by Analysing Encrypted Network Traffic with Neural Networks." European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases, 2017.](https://mlanthology.org/ecmlpkdd/2017/prasse2017ecmlpkdd-malware/) doi:10.1007/978-3-319-71246-8_5
BibTeX
@inproceedings{prasse2017ecmlpkdd-malware,
title = {{Malware Detection by Analysing Encrypted Network Traffic with Neural Networks}},
author = {Prasse, Paul and Machlica, Lukás and Pevný, Tomás and Havelka, Jirí and Scheffer, Tobias},
booktitle = {European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases},
year = {2017},
pages = {73-88},
doi = {10.1007/978-3-319-71246-8_5},
url = {https://mlanthology.org/ecmlpkdd/2017/prasse2017ecmlpkdd-malware/}
}