An improved fingerprint matching algorithm to detect malware encrypted traffic based on weighted Bayes

Lei Tao; Liang Gu

doi:10.1117/12.2635865

5 May 2022 An improved fingerprint matching algorithm to detect malware encrypted traffic based on weighted Bayes

Lei Tao, Liang Gu

Proceedings Volume 12245, International Conference on Cryptography, Network Security, and Communication Technology (CNSCT 2022); 122450E (2022) https://doi.org/10.1117/12.2635865
Event: International Conference on Cryptography, Network Security, and Communication Technology (CNSCT 2022), 2022, Sanya, China

Abstract

Traffic security is one of the important topic in cyber security of smart city. With the widespread use of encrypted traffic, more and more malware prefers to use encrypted traffic to transmit malicious information. Since the transmission content is not visible, the traditional detection method based on deep packet inspection is not effective anymore. In this paper, by analyzing the protocol and the sessions of malicious encrypted traffic and benign traffic, a weight naive Bayes-based method for detecting malware encrypted traffic and classifying malware family is proposed. The method construct a hybrid fingerprint for each malware family traffic and benign traffic. First a hybrid fingerprint-based identification is performed to distinguish between malware families and benign applications. Second, a feature generalization method is adopted to improve the robustness of the fingerprint. Finally, for indistinguishable fingerprints, the target host information characteristic, combined weighted Bayesian is used to distinguish different benign applications and malicious families.

Citation Download Citation

Lei Tao and Liang Gu "An improved fingerprint matching algorithm to detect malware encrypted traffic based on weighted Bayes", Proc. SPIE 12245, International Conference on Cryptography, Network Security, and Communication Technology (CNSCT 2022), 122450E (5 May 2022); https://doi.org/10.1117/12.2635865

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members: $17.00

Non-members: $21.00 ADD TO CART

PROCEEDINGS
5 PAGES

DOWNLOAD PAPER SAVE TO MY LIBRARY

GET CITATION

RIGHTS & PERMISSIONS

Get copyright permission Get copyright permission on Copyright Marketplace

KEYWORDS

Computer security

Library classification systems

Network security

RELATED CONTENT

Review on identification analysis technology of Internet of things
Proceedings of SPIE (November 10 2022)

Design and implementation of network teaching system based on P2P...
Proceedings of SPIE (September 27 2022)

Research on physical layer security based on cooperative interference
Proceedings of SPIE (October 11 2023)

Low-power low-latency MAC protocol for aeronautical applications
Proceedings of SPIE (May 17 2007)

The epidemic threshold theorem with social and contact heterogeneity
Proceedings of SPIE (March 17 2008)

Selected problems of information security in the local network
Proceedings of SPIE (February 23 2005)

Interworking between IP security and NAT PT under IPv4 IPv6...
Proceedings of SPIE (February 08 2005)

Subscribe to Digital Library

Receive Erratum Email Alert

Keywords/Phrases

Search In:

Publication Years