Malicious Encrypted Network Traffic Identification Using Fourier Transform

  • Published: Sep 22, 2016
  • Earliest Priority: Mar 17 2015
  • Family: 4
  • Cited Works: 0
  • Cited by: 3
  • Cites: 5
  • Additional Info: Full text
Abstract

A method for identifying malicious encrypted network traffic communicated via a network between a first and second computer system, the method comprising: monitoring network traffic over the network to detect a network connection as a new network connection; identifying characteristics of the network connection to determine a protocol of the network connection; retrieving a definition of a portion of network traffic for a network connection based on the determined protocol; evaluating Fourier transform coefficient values for each of a plurality of bytes in a portion of network traffic of the new network connection based on the retrieved definition; and comparing the evaluated coefficient values with a dictionary of one or more reference sets of coefficients, each of the one or more reference sets of coefficients being associated with a portion of network traffic of a malicious encrypted network connection, so as to determine if malicious encrypted network traffic is communicated over the network connection.
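The comparison step the abstract describes, as an added Python illustration that is not code from the patent or its assignee: it takes the protocol-defined byte portion of a new connection, evaluates DFT coefficient magnitudes over those bytes, and matches them against a dictionary of reference coefficient sets. The portion definitions, the Euclidean distance, the threshold and the sample bytes are all assumptions made for the example.

```python
import cmath
import math
import random

# Hypothetical definition (not from the patent): for each protocol, the
# (offset, length) of the byte portion of a new connection to analyse.
PORTION_DEFINITIONS = {"tls": (0, 32)}


def dft_coefficients(portion: bytes) -> list:
    """Magnitudes of the first n/2+1 DFT coefficients of a byte window, scaled by 1/n."""
    n = len(portion)
    coeffs = []
    for k in range(n // 2 + 1):
        acc = sum(b * cmath.exp(-2j * math.pi * k * t / n) for t, b in enumerate(portion))
        coeffs.append(abs(acc) / n)
    return coeffs


def distance(a, b):
    """Euclidean distance between two coefficient vectors of equal length."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def identify(protocol, payload, dictionary, threshold=5.0):
    """Name of the closest reference set within threshold, else None.

    protocol   - determined from the connection's characteristics (assumed here)
    payload    - bytes observed so far on the new connection
    dictionary - name -> reference coefficients of a known malicious connection
    """
    offset, length = PORTION_DEFINITIONS[protocol]
    portion = payload[offset:offset + length]
    if len(portion) < length:
        return None  # portion not fully observed yet; re-evaluate later
    coeffs = dft_coefficients(portion)
    best = min(dictionary, key=lambda name: distance(coeffs, dictionary[name]))
    return best if distance(coeffs, dictionary[best]) <= threshold else None


def _sample_bytes(seed, n=48):
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n))


# Constructed sample data: a reference malicious portion, a new connection that
# carries it with two bytes nudged by one, and an unrelated benign connection.
REFERENCE_PORTION = _sample_bytes(1)[:32]
DICTIONARY = {"family_a": dft_coefficients(REFERENCE_PORTION)}
MALICIOUS_CONNECTION = bytes(min(b + 1, 255) if i in (3, 20) else b
                             for i, b in enumerate(_sample_bytes(1)))
BENIGN_CONNECTION = _sample_bytes(7)
```

The small byte perturbation moves each coefficient by well under 0.1, so the match survives it, while an unrelated byte stream lands far outside the threshold.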

