{"title":"基于云计算的恶意加密流量分析与协作","authors":"Tzung-Han Jeng, Wen-Yang Luo, Chuan-Chiang Huang, Chien-Chih Chen, Kuang-Hung Chang, Yi-Ming Chen","doi":"10.4018/IJGHPC.2021070102","DOIUrl":null,"url":null,"abstract":"As the application of network encryption technology expands, malicious attacks will also be protected by encryption mechanism, increasing the difficulty of detection. This paper focuses on the analysis of encrypted traffic in the network by hosting long-day encrypted traffic, coupled with a weighted algorithm commonly used in information retrieval and SSL/TLS fingerprint to detect malicious encrypted links. The experimental results show that the system proposed in this paper can identify potential malicious SSL/TLS fingerprints and malicious IP which cannot be recognized by other external threat information providers. The network packet decryption is not required to help clarify the full picture of the security incident and provide the basis of digital identification. Finally, the new threat intelligence obtained from the correlation analysis of this paper can be applied to regional joint defense or intelligence exchange between organizations. In addition, the framework adopts Google cloud platform and microservice technology to form an integrated serverless computing architecture.","PeriodicalId":43565,"journal":{"name":"International Journal of Grid and High Performance Computing","volume":"299 1","pages":"12-29"},"PeriodicalIF":0.6000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Cloud Computing for Malicious Encrypted Traffic Analysis and Collaboration\",\"authors\":\"Tzung-Han Jeng, Wen-Yang Luo, Chuan-Chiang Huang, Chien-Chih Chen, Kuang-Hung Chang, Yi-Ming Chen\",\"doi\":\"10.4018/IJGHPC.2021070102\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As the application of network encryption technology expands, malicious attacks will also be protected by encryption mechanism, increasing the difficulty of detection. This paper focuses on the analysis of encrypted traffic in the network by hosting long-day encrypted traffic, coupled with a weighted algorithm commonly used in information retrieval and SSL/TLS fingerprint to detect malicious encrypted links. The experimental results show that the system proposed in this paper can identify potential malicious SSL/TLS fingerprints and malicious IP which cannot be recognized by other external threat information providers. The network packet decryption is not required to help clarify the full picture of the security incident and provide the basis of digital identification. Finally, the new threat intelligence obtained from the correlation analysis of this paper can be applied to regional joint defense or intelligence exchange between organizations. In addition, the framework adopts Google cloud platform and microservice technology to form an integrated serverless computing architecture.\",\"PeriodicalId\":43565,\"journal\":{\"name\":\"International Journal of Grid and High Performance Computing\",\"volume\":\"299 1\",\"pages\":\"12-29\"},\"PeriodicalIF\":0.6000,\"publicationDate\":\"2021-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Grid and High Performance Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/IJGHPC.2021070102\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Grid and High Performance Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/IJGHPC.2021070102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
Cloud Computing for Malicious Encrypted Traffic Analysis and Collaboration
As the application of network encryption technology expands, malicious attacks will also be protected by encryption mechanism, increasing the difficulty of detection. This paper focuses on the analysis of encrypted traffic in the network by hosting long-day encrypted traffic, coupled with a weighted algorithm commonly used in information retrieval and SSL/TLS fingerprint to detect malicious encrypted links. The experimental results show that the system proposed in this paper can identify potential malicious SSL/TLS fingerprints and malicious IP which cannot be recognized by other external threat information providers. The network packet decryption is not required to help clarify the full picture of the security incident and provide the basis of digital identification. Finally, the new threat intelligence obtained from the correlation analysis of this paper can be applied to regional joint defense or intelligence exchange between organizations. In addition, the framework adopts Google cloud platform and microservice technology to form an integrated serverless computing architecture.