Cloud Computing for Malicious Encrypted Traffic Analysis and Collaboration

IF 0.6 Q4 COMPUTER SCIENCE, THEORY & METHODS International Journal of Grid and High Performance Computing Pub Date : 2021-01-01 DOI:10.4018/IJGHPC.2021070102

Tzung-Han Jeng, Wen-Yang Luo, Chuan-Chiang Huang, Chien-Chih Chen, Kuang-Hung Chang, Yi-Ming Chen

{"title":"Cloud Computing for Malicious Encrypted Traffic Analysis and Collaboration","authors":"Tzung-Han Jeng, Wen-Yang Luo, Chuan-Chiang Huang, Chien-Chih Chen, Kuang-Hung Chang, Yi-Ming Chen","doi":"10.4018/IJGHPC.2021070102","DOIUrl":null,"url":null,"abstract":"As the application of network encryption technology expands, malicious attacks will also be protected by encryption mechanism, increasing the difficulty of detection. This paper focuses on the analysis of encrypted traffic in the network by hosting long-day encrypted traffic, coupled with a weighted algorithm commonly used in information retrieval and SSL/TLS fingerprint to detect malicious encrypted links. The experimental results show that the system proposed in this paper can identify potential malicious SSL/TLS fingerprints and malicious IP which cannot be recognized by other external threat information providers. The network packet decryption is not required to help clarify the full picture of the security incident and provide the basis of digital identification. Finally, the new threat intelligence obtained from the correlation analysis of this paper can be applied to regional joint defense or intelligence exchange between organizations. In addition, the framework adopts Google cloud platform and microservice technology to form an integrated serverless computing architecture.","PeriodicalId":43565,"journal":{"name":"International Journal of Grid and High Performance Computing","volume":"299 1","pages":"12-29"},"PeriodicalIF":0.6000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Grid and High Performance Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/IJGHPC.2021070102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 3

Abstract

As the application of network encryption technology expands, malicious attacks will also be protected by encryption mechanism, increasing the difficulty of detection. This paper focuses on the analysis of encrypted traffic in the network by hosting long-day encrypted traffic, coupled with a weighted algorithm commonly used in information retrieval and SSL/TLS fingerprint to detect malicious encrypted links. The experimental results show that the system proposed in this paper can identify potential malicious SSL/TLS fingerprints and malicious IP which cannot be recognized by other external threat information providers. The network packet decryption is not required to help clarify the full picture of the security incident and provide the basis of digital identification. Finally, the new threat intelligence obtained from the correlation analysis of this paper can be applied to regional joint defense or intelligence exchange between organizations. In addition, the framework adopts Google cloud platform and microservice technology to form an integrated serverless computing architecture.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于云计算的恶意加密流量分析与协作

随着网络加密技术应用的扩大，恶意攻击也会受到加密机制的保护，增加了检测的难度。本文主要通过托管长日加密流量对网络中的加密流量进行分析，结合信息检索中常用的加权算法和SSL/TLS指纹检测恶意加密链路。实验结果表明，本文提出的系统能够识别出其他外部威胁信息提供者无法识别的潜在恶意SSL/TLS指纹和恶意IP。不需要网络数据包解密来帮助澄清安全事件的全貌，并提供数字识别的基础。最后，本文通过相关分析得到的新的威胁情报可用于区域联合防御或组织间的情报交换。此外，该框架采用Google云平台和微服务技术，形成一体化的无服务器计算架构。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊