poster feasibility of malware traffic analysis through
play

Poster: Feasibility of Malware Traffic Analysis through - PowerPoint PPT Presentation

Jun 21, 2023 •763 likes •896 views

Poster: Feasibility of Malware Traffic Analysis through TLS-Encrypted Flow Visualization IEEE International Conference on Network Protocols 2020 October 13-16, 2020 Dongeon Kim, Jihun Han , Jinwoo Lee, Heejun Roh Korea University Sejong Campus,

  1. Poster: Feasibility of Malware Traffic Analysis through TLS-Encrypted Flow Visualization IEEE International Conference on Network Protocols 2020 October 13-16, 2020 Dongeon Kim, Jihun Han , Jinwoo Lee, Heejun Roh Korea University Sejong Campus, Sejong, Republic of Korea Wonjun Lee Korea University, Seoul, Republic of Korea 1

  2. IEEE ICNP 2020 Motivation Encrypted traffic across google Network using TLS encryption is increasing 95% of traffic across google is encrypted 80% of enterprise traffic on the Zscaler cloud in is encrypted https://transparencyreport.google.com/https/overview?hl=en 2

  3. IEEE ICNP 2020 Motivation Deep Packet Inspection Application Data IP TCP ? https://news.sophos.com/en-us/2020/02/18/nearly-a- quarter-of-malware-now-communicates-using-tls 3

  4. IEEE ICNP 2020 Motivation B. Anderson and D. McGrew, “ Identifying encrypted malware traffic with contextual flow data, ” in • Proc. of AISec ’ 16 (co-located with ACM CCS) , Vienna, Austria, October 2016. B. Anderson, S. Paul, and D. McGrew, “ Deciphering malware’s use of TLS (without decryption), ” • Journal of Computer Virology and Hacking Techniques , vol. 14, no. 3, pp. 195 – 211, August 2018. • Require fine-grained feature selection conducted by experts • Need to conduct field-specific preprocessing for message field values 4

  5. IEEE ICNP 2020 Our Proposal: TLS-Encrypted Flow Visualization Image Format of TLS-Encrypted Flow 5

  6. IEEE ICNP 2020 Our Proposal: TLS-Encrypted Flow Visualization • TLS flow metadata have fruitful information to classify encrypted malware traffic • Images can capture small changes yet retain the global message exchange pattern • Different messages of a flow can be easily observed as a colored image 6

  7. IEEE ICNP 2020 Images from Malware Families 7

  8. IEEE ICNP 2020 Feasibility of Malware Traffic Analysis via Images 8

  9. IEEE ICNP 2020 Experimental Results B. Duncan. Malware traffic analysis. [Online]. Available: http:/malware-traffic-analysis.net/ 9

  10. IEEE ICNP 2020 Experimental Results 97% Accuracy in Average 93% Accuracy in Average Resulting confusion matrices 10

  11. IEEE ICNP 2020 Conclusion • Malware using TLS will continue to increase in the future • There needs to be new method to detect malware using TLS • Both SVM and CNN had high accuracy, even though the images do not have similar patterns 11

Recommend

Anomaly Detection Algorithms for Malware Traffic Analysis using Tamper Resistant Features Dr.

Anomaly Detection Algorithms for Malware Traffic Analysis using Tamper Resistant Features Dr.

Anomaly Detection Algorithms for Malware Traffic Analysis using Tamper Resistant Features Dr. Patrick McDaniel Berkay Celik Fall 2015 Introduction Motivation Related Work Data Approach Experimental Results Comparison

391 views • 25 slides
Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal

Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis Paul Royal paul@gtisc.gatech.edu Agenda Modern Malware Obfuscations, Server-side Polymorphism, Collection Volume Malware Analysis Detection

504 views • 27 slides
GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI

GOODWARE DRUGS FOR MALWARE: ON-THE-FLY MALWARE ANALYSIS AND CONTAINMENT DAMIANO BOLZONI CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS AGENDA Something about malware Malware internals Current analysis

398 views • 27 slides
using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

Website Fingerprinting using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis Wiki says What is Traffic Analysis Wiki says Process of intercepting and examining messages in order to deduce

1.15k views • 41 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
Poster Presentations Poster No. 01-40: Poster session-1 (Monday, 09 October, 2017) Poster No.

Poster Presentations Poster No. 01-40: Poster session-1 (Monday, 09 October, 2017) Poster No.

IBAC 2017 Haridwar, India Poster Presentations Poster No. 01-40: Poster session-1 (Monday, 09 October, 2017) Poster No. 41-80: Poster session-2 (Tuesday, 10 October, 2017) P. Title of abstract Presenter Affiliation No Effect of traffic

643 views • 6 slides
Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that

Getting started with malware analysis Judith van Stegeren Definitions Malware : any software that does something that causes harm to a user, computer or network, including viruses, trojan horses, worms, rootkits, scareware and spyware. Malware

119 views • 9 slides
A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND

A CUCKOOS EGG IN THE MALWARE NEST ON-THE-FLY SIGNATURE-LESS MALWARE ANALYSIS, DETECTION AND CONTAINMENT FOR LARGE NETWORKS CHRISTIAAN SCHADE TWENTE SECURITY LAB UNIVERSITY OF TWENTE THE NETHERLANDS MALWARE WARS In the last

313 views • 14 slides
Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal and Wenke Lee College of Computing Georgia Institute of Technology Agenda l Background l Defeating Automated Malware Analysis Host

1.28k views • 28 slides
CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk07.2 Malware Research Online Coleman Kane kaneca@mail.uc.edu February 22, 2018 Exploring the Online Ecosystem One nice aspect of malware analysis is that, since much of it originates online and

119 views • 10 slides
CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane

CS7038 - Malware Analysis - Wk03.1 Malware Taxonomy and Terminology Coleman Kane kaneca@mail.uc.edu January 24, 2017 Why Classification is Important Malware classification helps us in multiple ways. Here are a couple key ways:

787 views • 16 slides
Technical feasibility of Segment Routing Traffic Engineering to steer traffic through VNFs

Technical feasibility of Segment Routing Traffic Engineering to steer traffic through VNFs

R. van der Gaag, M. Slotboom Technical feasibility of Segment Routing Traffic Engineering to steer traffic through VNFs Research Project 1 SURF is the collaborative ICT organisation for Dutch education and research. - Education institutions

462 views • 14 slides
MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me

MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me

MazeWalker Enriching static malware analysis and more Yevgeny Kulakov @p_h_0_e_n_i_x About Me Malware RE @ Trusteer, IBM, Seculert binary analysis automation sandbox development Now in vEYE Security on software container

591 views • 48 slides
How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement

How does Malware Use RDTSC? A Study on Operations Executed by Malware with CPU Cycle Measurement Yoshihiro Oyama University of Tsukuba 1 Background Many malware programs execute operations for analysis evasion Detection of

346 views • 31 slides
Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Overview Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer immunization Kjell Jrgen Hole Simula@UiB 4. Epidemiological model 5. Malware halting analysis 6. Malware halting method Last updated

672 views • 29 slides
Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev

Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev

Examples of modern malware Malware Analysis Seminar Meeting 7 Cody Cutler, Anton Burtsev Stuxnet (2009) Organization Core a large .dll file 2 encrypted configuration files Dropper component Core in a stub section

703 views • 43 slides
T owards Network Containment in Malware Analysis Systems Mariano Graziano, Corrado Leita, Davide

T owards Network Containment in Malware Analysis Systems Mariano Graziano, Corrado Leita, Davide

T owards Network Containment in Malware Analysis Systems Mariano Graziano, Corrado Leita, Davide Balzarotti ACSAC, Orlando, Florida, 3-7 December 2012 Malware Analysis Scenario Analysis based on Sandboxes (API Hooking, Emulation)

798 views • 23 slides
Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware

Anti-anti-malware (part 3) / Stack Smashing 1 last time various kinds of armored malware malware that evades analysis 2 logistics: LEX homework detect push ret pattern using fmex probably easier than TRICKY 3 upcoming exam next Wednesday

496 views • 48 slides
Poster A1 Poster A2 Poster A3 Poster A4 Poster A5 Poster A6 Investigation of a passive

Poster A1 Poster A2 Poster A3 Poster A4 Poster A5 Poster A6 Investigation of a passive

Poster A1 Poster A2 Poster A3 Poster A4 Poster A5 Poster A6 Investigation of a passive inter-limb device on step-to- step transition of human walking J Zhang: Queens University, Canada Q Li: Queens University, Canada A passive

734 views • 28 slides
Malware analysis using visualized images and entropy graphs Kyoung Soo Han Jae Hyun Lim

Malware analysis using visualized images and entropy graphs Kyoung Soo Han Jae Hyun Lim

Malware analysis using visualized images and entropy graphs Kyoung Soo Han Jae Hyun Lim Boojoong Kang Eul Gyu Im Presented by Ruikai Zheng CISC850 Cyber Analytics 1.Introduction Malware variants developed using automated tools

206 views • 20 slides
POSTER PRESENTATION & POSTER DESIGN GUIDELINES PRESENTING YOUR POSTER The poster sessions

POSTER PRESENTATION & POSTER DESIGN GUIDELINES PRESENTING YOUR POSTER The poster sessions

POSTER PRESENTATION & POSTER DESIGN GUIDELINES PRESENTING YOUR POSTER The poster sessions are scheduled for presentation in the main exhibitors area where lunch and morning and afternoon breaks are held. The poster boards will be position

347 views • 3 slides
Agenda What is Cyber Threat Intelligence (CTI) Sandbox Malware analysis Debugger

Agenda What is Cyber Threat Intelligence (CTI) Sandbox Malware analysis Debugger

PUBLIC Agenda What is Cyber Threat Intelligence (CTI) Sandbox Malware analysis Debugger Malware analysis Static RE with IDA pro Arme suisse EPFL 2019 2 Base daide au commandement BAC Applied Cyber Threat Intelligence

765 views • 63 slides
Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin Netpy visualization with Wisconsin Netpy Cristian Estan, Garret Magin University of Wisconsin-Madison USENIX LISA, 19 December 2005 Traffic

345 views • 18 slides
Helping Johnny To Analyze Malware : A Usability-Optimized Decompiler and Malware Analysis User

Helping Johnny To Analyze Malware : A Usability-Optimized Decompiler and Malware Analysis User

Helping Johnny To Analyze Malware : A Usability-Optimized Decompiler and Malware Analysis User Study Khaled Yakdan Sergej Dechand Matthew Smith Elmar Gerhards-Padilla Fraunhofer FKIE University of Bonn University of Bonn University of Bonn

426 views • 19 slides

More recommend