Table of Content

Open Access iconOpen Access

ARTICLE

MalDetect: A Structure of Encrypted Malware Traffic Detection

by Jiyuan Liu, Yingzhi Zeng, Jiangyong Shi, Yuexiang Yang, Rui Wang, Liangzhong He

Student of College of Computer, National University of Defense Technology, Hunan, China.
Faculty of College of Computer, National University of Defense Technology, Hunan, China.
CEO of AppBugs Inc, USA.
Faculty of China Mobile (Su Zhou) Software Technology Co., Ltd.

* Corresponding Author: Yuexiang Yang. Email: email.

Computers, Materials & Continua 2019, 60(2), 721-739. https://doi.org/10.32604/cmc.2019.05610

Abstract

Recently, TLS protocol has been widely used to secure the application data carried in network traffic. It becomes more difficult for attackers to decipher messages through capturing the traffic generated from communications of hosts. On the other hand, malwares adopt TLS protocol when accessing to internet, which makes most malware traffic detection methods, such as DPI (Deep Packet Inspection), ineffective. Some literatures use statistical method with extracting the observable data fields exposed in TLS connections to train machine learning classifiers so as to infer whether a traffic flow is malware or not. However, most of them adopt the features based on the complete flow, such as flow duration, but seldom consider that the detection result should be given out as soon as possible. In this paper, we propose MalDetect, a structure of encrypted malware traffic detection. MalDetect only extracts features from approximately 8 packets (the number varies in different flows) at the beginning of traffic flows, which makes it capable of detecting malware traffic before the malware behaviors take practical impacts. In addition, observing that it is inefficient and time-consuming to re-train the offline classifier when new flow samples arrive, we deploy Online Random Forest in MalDetect. This enables the classifier to update its parameters in online mode and gets rid of the re-training process. MalDetect is coded in C++ language and open in Github. Furthermore, MalDetect is thoroughly evaluated from three aspects: effectiveness, timeliness and performance.

Keywords


Cite This Article

APA Style
Liu, J., Zeng, Y., Shi, J., Yang, Y., Wang, R. et al. (2019). Maldetect: A structure of encrypted malware traffic detection. Computers, Materials & Continua, 60(2), 721-739. https://doi.org/10.32604/cmc.2019.05610
Vancouver Style
Liu J, Zeng Y, Shi J, Yang Y, Wang R, He L. Maldetect: A structure of encrypted malware traffic detection. Comput Mater Contin. 2019;60(2):721-739 https://doi.org/10.32604/cmc.2019.05610
IEEE Style
J. Liu, Y. Zeng, J. Shi, Y. Yang, R. Wang, and L. He, “MalDetect: A Structure of Encrypted Malware Traffic Detection,” Comput. Mater. Contin., vol. 60, no. 2, pp. 721-739, 2019. https://doi.org/10.32604/cmc.2019.05610

Citations




cc Copyright © 2019 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 3982

    View

  • 2760

    Download

  • 0

    Like

Related articles

Share Link