scholarly journals A Survey on TLS-Encrypted Malware Network Traffic Analysis Applicable to Security Operations Centers

2021 ◽  
Vol 12 (1) ◽  
pp. 155
Author(s):  
Chaeyeon Oh ◽  
Joonseo Ha ◽  
Heejun Roh
Keyword(s):  
Network Traffic ◽  
State Of The Art ◽  
Critical Issue ◽  
Traffic Analysis ◽  
The State ◽  
Transport Layer ◽  
Network Traffic Analysis ◽  
Art Methods ◽  
Pros And Cons ◽  
Security Operations

Recently, a majority of security operations centers (SOCs) have been facing a critical issue of increased adoption of transport layer security (TLS) encryption on the Internet, in network traffic analysis (NTA). To this end, in this survey article, we present existing research on NTA and related areas, primarily focusing on TLS-encrypted traffic to detect and classify malicious traffic with deployment scenarios for SOCs. Security experts in SOCs and researchers in academia can obtain useful information from our survey, as the main focus of our survey is NTA methods applicable to malware detection and family classification. Especially, we have discussed pros and cons of three main deployment models for encrypted NTA: TLS interception, inspection using cryptographic functions, and passive inspection without decryption. In addition, we have discussed the state-of-the-art methods in TLS-encrypted NTA for each component of a machine learning pipeline, typically used in the state-of-the-art methods.

scholarly journals A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures

2021 ◽  
Vol 54 (6) ◽  
pp. 1-35
Author(s):  
Eva Papadogiannaki ◽  
Sotiris Ioannidis
Keyword(s):  
Network Traffic ◽  
State Of The Art ◽  
Traffic Analysis ◽  
Research Community ◽  
The Internet ◽  
Secure Communications ◽  
User Privacy ◽  
Analysis Techniques ◽  
Network Traffic Analysis ◽  
Wide Domain

The adoption of network traffic encryption is continually growing. Popular applications use encryption protocols to secure communications and protect the privacy of users. In addition, a large portion of malware is spread through the network traffic taking advantage of encryption protocols to hide its presence and activity. Entering into the era of completely encrypted communications over the Internet, we must rapidly start reviewing the state-of-the-art in the wide domain of network traffic analysis and inspection, to conclude if traditional traffic processing systems will be able to seamlessly adapt to the upcoming full adoption of network encryption. In this survey, we examine the literature that deals with network traffic analysis and inspection after the ascent of encryption in communication channels. We notice that the research community has already started proposing solutions on how to perform inspection even when the network traffic is encrypted and we demonstrate and review these works. In addition, we present the techniques and methods that these works use and their limitations. Finally, we examine the countermeasures that have been proposed in the literature in order to circumvent traffic analysis techniques that aim to harm user privacy.

Net_Watch: A Tool for Network Traffic Analysis

2020 ◽  
Author(s):  
Sumit Kumari ◽  
Neetu Sharma ◽  
Prashant Ahlawat
Keyword(s):  
Network Traffic ◽  
Traffic Analysis ◽  
Network Traffic Analysis

scholarly journals User Profiling Using Smartphone Network Traffic Analysis

2021 ◽  
Author(s):  
Ayush Bahuguna ◽  
Ankit Agrawal ◽  
Ashutosh Bhatia ◽  
Kamlesh Tiwari ◽  
Deepak Vishwakarma
Keyword(s):  
Network Traffic ◽  
Traffic Analysis ◽  
User Profiling ◽  
Network Traffic Analysis

scholarly journals Network traffic analysis and evaluation of a multi-user virtual environment

2012 ◽  
Vol 26 ◽  
pp. 1-15 ◽  
Author(s):  
Juan L. Font ◽  
Daniel Cascado ◽  
José L. Sevillano ◽  
Fernando Díaz del Río ◽  
Gabriel Jiménez
Keyword(s):  
Virtual Environment ◽  
Network Traffic ◽  
Traffic Analysis ◽  
Analysis And Evaluation ◽  
Network Traffic Analysis
Sign in / Sign up

Export Citation Format

Share Document