Show simple item record

dc.contributor.advisor: Petrovic, Slobodan
dc.contributor.author: Jenseg, Odin
dc.date.accessioned: 2019-09-19T14:00:42Z
dc.date.available: 2019-09-19T14:00:42Z
dc.date.issued: 2019
dc.identifier.uri: http://hdl.handle.net/11250/2617735
dc.description.abstract: The growth of malware utilizing encrypted channels makes it challenging to detect malicious activity using current Network Intrusion Detection Systems (NIDSs). Current network intrusion detection systems rely on pattern matching algorithms to identify malware artifacts in network traffic. In Transport Layer Security (TLS) encrypted networks, only a limited amount of data is available to the NIDS. Malware authors exploit this obstacle to evade detection. In this thesis, we look into using machine learning classification algorithms to recognize malware communication within TLS channels without having to decrypt the network traffic. In the last few years, a growing body of research has investigated solutions to this problem using classification algorithms. We extend the existing research by identifying features in TLS traffic that are resilient to the evasion techniques used by more advanced types of malware. Advanced malware is more problematic to detect with traditional NIDSs, since it tries to evade these systems by generating traffic that resembles ordinary corporate traffic. The features identified as resilient to these evasion techniques are those describing the malware's behavior in TLS encrypted traffic. Extraction of behavior artifacts is performed with Suricata, a mature NIDS and Network Security Monitoring (NSM) system, and with Metadata Collector, a tool developed as part of this thesis. With efficient classification algorithms, we can overcome some of the major challenges that NIDSs face today.
dc.language: eng
dc.publisher: NTNU
dc.title: A machine learning approach to detecting malware in TLS traffic using resilient network features
dc.type: Master thesis


Associated file(s)


This item appears in the following collection(s)
