Profiling For Malicious Encrypted Network Traffic Identification

  • Published: Sep 3, 2015
  • Earliest Priority: Feb 28 2014
  • Family: 4
  • Cited Works: 3
  • Cited by: 6
  • Cites: 4
Abstract

A malicious encrypted traffic detector, connected to a computer network, for identifying malicious encrypted network traffic communicated via the network, the detector comprising: a storage storing a plurality of network traffic window definitions, each window defining a different subset of network traffic for a network connection; an analyser adapted to identify characteristics of a network connection in order to determine the protocol of that connection; a network traffic recorder adapted to record the subset of network traffic corresponding to a window of network traffic; an entropy estimator adapted to evaluate an estimated measure of entropy for a portion of network traffic of a network connection recorded by the network traffic recorder; and a window selector adapted to identify and store a window as a portion of a network connection for which the estimated measure of entropy is most similar across a plurality of network connections, the identified window being stored in association with an identifier of the protocol determined by the analyser and in association with an identifier of the malicious software component that established the network connections for communication of malicious encrypted network traffic.
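As an added illustration of the window-selection idea in the abstract (example code written for this page, not taken from the patent): several connections attributed to one malware family are scored at a few candidate windows, the window whose entropy estimate is most consistent across them is stored as the profile, and a new connection is then checked against that profile. It assumes plain Shannon entropy as the estimator, a hand-picked set of window definitions, a matching tolerance, and constructed byte streams.

```python
import math
import random
from collections import Counter
from statistics import mean, pstdev

# Candidate window definitions (assumed): name -> (byte offset, length) in a connection
WINDOWS = {"first_16": (0, 16), "first_64": (0, 64),
           "bytes_16_80": (16, 64), "bytes_64_128": (64, 64)}

def shannon_entropy(data: bytes) -> float:
    """Estimated entropy of a byte string in bits per byte (0.0 for empty input)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def select_window(connections, windows=WINDOWS):
    """Profile the window whose entropy varies least across the given
    connections of one malware family (ties keep the earlier window)."""
    best = None
    for name, (off, ln) in windows.items():
        ents = [shannon_entropy(c[off:off + ln]) for c in connections]
        spread = pstdev(ents)  # population std-dev across connections
        if best is None or spread < best["spread"]:
            best = {"window": name, "offset": off, "length": ln,
                    "mean_entropy": mean(ents), "spread": spread}
    # Matching tolerance (assumed policy): twice the observed spread, floor 0.25 bit
    best["tolerance"] = max(2 * best["spread"], 0.25)
    return best

def matches_profile(stream: bytes, profile) -> bool:
    """True if the stream's entropy at the profiled window lies within tolerance."""
    off, ln = profile["offset"], profile["length"]
    e = shannon_entropy(stream[off:off + ln])
    return abs(e - profile["mean_entropy"]) <= profile["tolerance"]

# Constructed samples: a fictitious malware protocol with a fixed 16-byte
# plaintext record header followed by pseudo-random "encrypted" payload.
HEADER = b"\x17\x03\x03\x00\x40MALPROTO-v1"

def random_bytes(seed: int, n: int) -> bytes:
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

MALWARE_CONNECTIONS = [HEADER + random_bytes(s, 112) for s in (1, 2, 3, 4)]
# Constructed benign stream: an SSH-style banner followed by random payload
BENIGN_SSH = b"SSH-2.0-OpenSSH_8.9\r\n" + random_bytes(9, 107)

PROFILE = select_window(MALWARE_CONNECTIONS)
# PROFILE["window"] == "first_16"; its mean entropy is 3.75 bits (14 symbols, 2 repeated)
```

The header window wins because its entropy is identical on every connection, while the payload windows vary from connection to connection; a stream whose entropy at that window differs by more than the tolerance, such as the SSH-style sample, is not matched.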


Document History
  • Publication: Sep 3, 2015
  • Application: Feb 16, 2015
    WO GB 2015050431 W
  • Priority: Feb 28, 2014
    EP EP 14250030 A
