Internet Archive Scholar

A Survey on TLS-Encrypted Malware Network Traffic Analysis Applicable to Security Operations Centers

Chaeyeon Oh, Joonseo Ha, Heejun Roh
2021 Applied Sciences  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (829.7 kB)
https://web.archive.org/web/20220126130243/https://mdpi-res.com/d_attachment/applsci/applsci-12-00155/article_deploy/applsci-12-00155.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL. The file type is application/pdf.

Recently, a majority of security operations centers (SOCs) have been facing a critical issue of increased adoption of transport layer security (TLS) encryption on the Internet, in network traffic analysis (NTA). To this end, in this survey article, we present existing research on NTA and related areas, primarily focusing on TLS-encrypted traffic to detect and classify malicious traffic with deployment scenarios for SOCs. Security experts in SOCs and researchers in academia can obtain useful
more » ... rmation from our survey, as the main focus of our survey is NTA methods applicable to malware detection and family classification. Especially, we have discussed pros and cons of three main deployment models for encrypted NTA: TLS interception, inspection using cryptographic functions, and passive inspection without decryption. In addition, we have discussed the state-of-the-art methods in TLS-encrypted NTA for each component of a machine learning pipeline, typically used in the state-of-the-art methods.
doi:10.3390/app12010155 fatcat:kdkvmdkbareb7cxgy7er7ncday
DOAJ
Citation

Chaeyeon Oh, Joonseo Ha, Heejun Roh. "A Survey on TLS-Encrypted Malware Network Traffic Analysis Applicable to Security Operations Centers." Applied Sciences 12.1 (2021) 155