Malware Traffic Classification: Evaluation of Algorithms and an Automated Ground-truth Generation Pipeline

Identifying threats in an encrypted network traffic flow is uniquely challenging. On one hand, modern encryption algorithms make it extremely difficult to simply decrypt the traffic. On the other hand, passing such an encrypted stream through pattern-matching algorithms is useless, because encryption removes the patterns those algorithms rely on. Moreover, evaluating such models is also difficult due to the lack of labeled benign and malware datasets. Other approaches have tried to tackle this problem by employing observable metadata gathered from the flow. We try to augment this approach by extending it to a semi-supervised malware classification pipeline built on this observable metadata. To this end, we explore and test different kinds of clustering approaches that make use of a unique and diverse set of features extracted from this observable metadata. We also propose an automated packet data-labeling pipeline to generate ground-truth data, which can serve as a baseline to evaluate the classifiers mentioned above in particular, or any other detection model in general.

