Unsupervised Detection and Clustering of Malicious TLS Flows

Gomez, Gibran; Kotzias, Platon; Dell’Amico, Matteo; Bilge, Leyla; Caballero, Juan

doi:10.1155/2023/3676692

Cited by 3 publications

(1 citation statement)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Feature engineering techniques, essential in this context, were used to derive meaningful features from raw data, thus facilitating more accurate and efficient model training [10]. Additionally, unsupervised learning approaches, such as clustering, were employed to identify outliers in network traffic that could signify the presence of ransomware [11], [12]. The integration of anomaly detection mechanisms enabled the rapid identification of deviations from normal behavior patterns, further reinforcing the detection framework [13], [14].…”

Section: A Machine Learning Approachesmentioning

confidence: 99%

Federated Learning-Based Ransomware Detection via Indicators of Compromise

Koike,

Tanaka,

Maeda

2024

Preprint

View full text Add to dashboard Cite

Ransomware attacks have become increasingly prevalent and sophisticated, posing significant threats to data security and organizational operations worldwide. Leveraging a federated learning-based approach, this research presents a novel and significant advancement in ransomware detection by utilizing network and file system indicators of compromise while ensuring data privacy. The methodology involves the decentralized training of machine learning models across multiple clients, which enhances the model's robustness and adaptability to various ransomware attack scenarios. Extensive experiments and evaluations demonstrate the high accuracy, precision, recall, and F1-scores achieved by the proposed model, showcasing its effectiveness in real-world applications. The innovative combination of preprocessing, feature engineering, and sophisticated machine learning techniques within a federated learning framework results in a scalable and privacy-preserving solution capable of addressing the dynamic and evolving landscape of ransomware threats. This study contributes valuable insights into the development of effective ransomware detection systems, emphasizing the importance of collaborative and decentralized learning techniques in enhancing cybersecurity defenses.

show abstract

Section: A Machine Learning Approachesmentioning

confidence: 99%

Federated Learning-Based Ransomware Detection via Indicators of Compromise

Koike,

Tanaka,

Maeda

2024

Preprint

View full text Add to dashboard Cite

show abstract

Malicious Encrypted Traffic Detection Method Based on Spatial-Temporal Features and Cost Sensitivity

Cai,

Wu,

Liu

et al. 2024

2024 9th International Conference on Electronic Technology and Information Science (ICETIS)

View full text Add to dashboard Cite

Encrypted malware detection methodology without decryption using deep learning-based approaches

Singh,

Bhatia

et al. 2024

Turkish Journal of Engineering

View full text Add to dashboard Cite

The worldwide encrypted or https traffic on Internet accounts for the safe and secure communication between users and servers. However, cyber attackers are also exploiting https traffic to disguise their malignant activities. Detection of network threats in https traffic is a tiresome task for security experts owing to the convoluted nature of encrypted traffic on the web. Conventional detection techniques decrypt the network content, check it for threats, re-encrypt the network content, and then send it to the server. This approach jeopardizes the integrity of enciphering and the user’s secrecy and safety. In recent time, deep learning (DL) has emerged as one of the most fruitful AI methods that diminishes the manual resolution of features to enhance classification accuracy. A DL based strategy is suggested for recognition of threat in encrypted communication without using decryption. The three DL algorithms, as used by the proposed approach are, multilayer perceptron (MLP), long short-term memory (LSTM) and 1-D convolutional neural network (1-D CNN), which are experimented on the CTU-13 malware dataset containing flow-based attributes of network traffic. The outcome of the experiment exhibits that MLP based approach performs better in comparison to 1-D CNN and LSTM based ones and other existing approaches. Thus, the secrecy of the data is maintained and the capability of identifying threats in encrypted communication is augmented.

show abstract

Unsupervised Detection and Clustering of Malicious TLS Flows

Cited by 3 publications

References 20 publications

Federated Learning-Based Ransomware Detection via Indicators of Compromise

Federated Learning-Based Ransomware Detection via Indicators of Compromise

Malicious Encrypted Traffic Detection Method Based on Spatial-Temporal Features and Cost Sensitivity

Encrypted malware detection methodology without decryption using deep learning-based approaches

Contact Info

Product

Resources

About