ATG seminar series presents
Detection of malicious servers using HTTPS protocol in communication with their clients
by Tomáš Komárek
Time: Wednesday, January 20 at 14:30 in room KN:205
The HTTPS network protocol, which ensures encrypted communication between clients and servers, is growing in popularity. Websites such as Google, Facebook, LinkedIn, and Twitter already use HTTPS as their default communication protocol, and the trend seems to be continuing. While the protocol was originally designed to provide security and privacy, it is also misused by malware to hide malicious activity in the network. HTTPS makes it difficult to detect an infected host in the network because the metadata stored about encrypted communication between the host and a malicious server is poor. Typically, only information about transferred volumes and timing is available. Hence, the traditional approach of classifying at the level of individual records is not sufficient. The presentation will describe and discuss an experiment in which a new representation of the communication is constructed in order to detect suspicious servers.