Event Details

Detection of malicious Encrypted Web Traffic Using Machine Learning

Presenter: Jay Shah
Supervisor:

Date: Wed, October 24, 2018
Time: 12:30:00 - 13:30:00
Place: ECS 660

ABSTRACT

An increasing amount of web traffic is currently encrypted using HTTPS. While most of the HTTPS traffic is legitimate, a growing slice is generated by malware. The use of the HTTPS protocol by malware makes its detection more challenging. The current approach is to detect HTTPS malware traffic by using HTTPS interceptor proxies. This method requires decrypting the traffic on the fly, which poses some threat to the data and communication security and privacy. The goal of this project is to detect HTTPS malicious traffic without decryption. We propose a new detection model that leverages the underlying HTTPS certificate characteristics and connection data that are fed to a machine learning classifier. Our model consists of a set of features extracted from log files generated from the Bro Intrusion Detection System (IDS), which are classified using the XGBoost algorithm. Experimental evaluation is conducted using a public dataset, yielding encouraging results.

Return to global menu.
Return to primary navigation.
Return to secondary navigation.
Return to page content.

Event Details

Detection of malicious Encrypted Web Traffic Using Machine Learning

UVic Electrical & Computer Engineering

UVic Electrical & Computer Engineering