Affiliation:
1. National Central University, Taiwan
2. Chunghwa Telecommunication Laboratories, Taiwan
Abstract
As the use of network encryption technology expands, malicious attacks are also protected by encryption mechanisms, which makes them harder to detect. This paper focuses on the analysis of encrypted network traffic by hosting long-term encrypted traffic, coupled with a weighting algorithm commonly used in information retrieval and SSL/TLS fingerprints, to detect malicious encrypted connections. The experimental results show that the proposed system can identify potentially malicious SSL/TLS fingerprints and malicious IPs that other external threat information providers cannot recognize. Network packet decryption is not required to help clarify the full picture of a security incident and provide a basis for digital identification. Finally, the new threat intelligence obtained from the correlation analysis in this paper can be applied to regional joint defense or intelligence exchange between organizations. In addition, the framework adopts Google Cloud Platform and microservice technology to form an integrated serverless computing architecture.
Subject
Computer Networks and Communications
Cited by
3 articles.
1. Malicious Encryption Traffic Detection Based on Improved Convolutional Neural Network;2023 3rd International Conference on Mobile Networks and Wireless Communications (ICMNWC);2023-12-04
2. Exploration on Malicious Encrypted Traffic Classification Based on Deep Learning;2023 International Conference on Ambient Intelligence, Knowledge Informatics and Industrial Electronics (AIKIIE);2023-11-02
3. Design and Implementation of Cloud Computing Network Security Virtual Computing and Defense Technology;Security and Communication Networks;2022-08-30