A Survey on TLS-Encrypted Malware Network Traffic Analysis Applicable to Security Operations Centers

Oh, Chaeyeon; Ha, Joonseo; Roh, Heejun

doi:10.3390/app12010155

Cited by 9 publications

(3 citation statements)

References 84 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The results demonstrate that bagging got better scores when compared to other meta-learners in terms of accuracy and false positives, whereas other metalearners yielded scores equivalent to non-meta algorithms, with no discernible enhancements. Several surveys have been conducted to summarize ML and DL approaches for NTA [76,91,92,93].…”

Section: A Network Traffic Analysismentioning

confidence: 99%

Application of Artificial Intelligence to Network Forensics: Survey, Challenges and Future Directions

et al. 2022

View full text Add to dashboard Cite

Network forensics focuses on the identification and investigation of internal and external network attacks, the reverse engineering of network protocols, and the uninstrumented investigation of networked devices. It lies at the intersection of digital forensics, incident response and network security. Network attacks exploit software and hardware vulnerabilities and communication protocols. The scope of a network forensic investigation can range from Internet-wide down to a single device's network traffic. Network analysis tools (NATs) aid security professionals and law enforcement in the capturing, identification and analysis of network traffic. However, in most instances, the sheer volume of data to be analyzed is enormous and, despite some built-in NAT automation, the investigation of network traffic is often an arduous process. Furthermore, significant expert time remains wasted in the investigation of a high frequency of false positive alerting from automated systems. To address this globally impacting problem, artificial intelligence based approaches are becoming increasingly employed to automatically detect attacks and increase network traffic classification accuracy. This paper provides a comprehensive survey of the state-of-the-art in network forensics and the application of expert systems, machine learning, deep learning, and ensemble/hybrid approaches to a range of application areas in the field. These include network traffic analysis, intrusion detection systems, Internetof-Things devices, cloud forensics, DNS tunneling, smart grid forensics, and vehicle forensics. In addition, the current challenges and future research directions for each of the aforementioned application areas is discussed.

show abstract

Section: A Network Traffic Analysismentioning

confidence: 99%

Application of Artificial Intelligence to Network Forensics: Survey, Challenges and Future Directions

et al. 2022

View full text Add to dashboard Cite

show abstract

“…On the other hand, anomaly-based detection analyzes network traffic and identifies abnormal patterns or behavior that deviates from regular network activity [12], [15]. This approach is more effective in detecting unknown attacks, as it does not rely on specific attack www.ijacsa.thesai.org signatures but instead focuses on identifying anomalous behavior [16]. Intrusion detection and prevention system (IDPS) is vital to cybersecurity measures.…”

Section: Introductionmentioning

confidence: 99%

Strengthening Network Security: Evaluation of Intrusion Detection and Prevention Systems Tools in Networking Systems

Prabowo,

Fauziah,

Nahrowi

et al. 2023

IJACSA

View full text Add to dashboard Cite

This study aims to enhance network security by comprehensively evaluating various Intrusion Detection and Prevention Systems tools in networking systems. The objectives of this research were to assess the performance of different IDPS tools in terms of computer resources utilization, Quality of Service metrics namely delay, jitter, throughput, and packet loss, and their effectiveness in countering Distributed Denial of Service attacks, specifically ICMP Flood and SYN Flood. The evaluation used popular IDPS tools, including Snort, Suricata, Zeek, OSSEC, and Honeypot Cowrie. Real attack scenarios were simulated to measure the tools performance. The results indicated CPU and RAM usage variations among the tools, with Snort and Suricata showing efficient resource utilization. Regarding QoS metrics, Snort demonstrated superior performance in delay, jitter, throughput, and packet loss mitigation for both attack types. The implication for further research lies in exploring the optimal configurations and finetuning of IDPS tools to achieve the best possible network security against DDoS attacks. This research provides valuable insights into selecting appropriate IDPS tools for network administrators, cybersecurity professionals, and organizations to fortify their infrastructure against evolving cyber threats.

show abstract

“…Many machine learning and deep learning models are implemented in this study. Such studies include traffic classification [34], encrypted traffic analysis [33], and malicious traffic detection [32].…”

Section: Introductionmentioning

confidence: 99%

A Machine Learning-based Real-time Monitoring System for Classification of Elephant Flows on KOREN

2022

KSII TIIS

View full text Add to dashboard Cite

With the advent and realization of Software Defined Network (SDN) architecture, many organizations are now shifting towards this paradigm. SDN brings more control, higher scalability, and serene elasticity. The SDN spontaneously changes the network configuration according to the dynamic network requirements inside the constrained environments. Therefore, a monitoring system that can monitor the physical and virtual entities is needed to operate this type of network technology with high efficiency and proficiency. In this manuscript, we propose a real-time monitoring system for data collection and visualization that includes the Prometheus, node exporter, and Grafana. A node exporter is configured on the physical devices to collect the physical and virtual entities resources utilization logs. A real-time Prometheus database is configured to collect and store the data from all the exporters. Furthermore, the Grafana is affixed with Prometheus to visualize the current network status and device provisioning. A monitoring system is deployed on the physical infrastructure of the KOREN topology. Data collected by the monitoring system is further pre-processed and restructured into a dataset. A monitoring system is further enhanced by including machine learning techniques applied on the formatted datasets to identify the elephant flows. Additionally, a Random Forest is trained on our generated labeled datasets, and the classification models' performance are verified using accuracy metrics.

show abstract

A Survey on TLS-Encrypted Malware Network Traffic Analysis Applicable to Security Operations Centers

Cited by 9 publications

References 84 publications

Application of Artificial Intelligence to Network Forensics: Survey, Challenges and Future Directions

Application of Artificial Intelligence to Network Forensics: Survey, Challenges and Future Directions

Strengthening Network Security: Evaluation of Intrusion Detection and Prevention Systems Tools in Networking Systems

A Machine Learning-based Real-time Monitoring System for Classification of Elephant Flows on KOREN

Contact Info

Product

Resources

About