What is it about?
Most Web applications have now moved from HTTP to HTTPS, which uses SSL/TLS for encryption. Encryption is widely used across the Internet for safe communication and ensures that information cannot be captured. However, encryption also enables cybercriminals to conceal malicious communication and carry out malware attacks while evading detection. Recognizing threats or attacks hidden inside encrypted network traffic poses a unique set of challenges. It is imperative to inspect this traffic for threats and malware in a manner that preserves the integrity of the encryption. This paper presents a comparative analysis of benign and malicious HTTPS traffic. Passive monitoring was performed with the Wireshark network monitoring tool, and the SSL/TLS handshake protocol was explored in depth.
Why is it important?
A comparative study shows that benign and malicious traffic can be distinguished on the basis of version number, cipher suite, SNI and digital certificate. In future work, we propose to extract statistical features from the captured packets in order to enable us to effectively classify network traffic.
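The version number, cipher suites and SNI named above all travel unencrypted in the TLS ClientHello, so a passive monitor can read them without decrypting anything. The following is an added example, not code from the paper: a Python parser for those three fields, run on a constructed sample record (the helper names, host name and cipher values are assumptions chosen for illustration).

```python
import struct

TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def build_client_hello(version, suites, host):
    """Constructed sample input: a minimal ClientHello record with one SNI extension."""
    name = b"\x00" + struct.pack("!H", len(host)) + host.encode()   # name_type 0 = host_name
    sni = struct.pack("!H", len(name)) + name                       # server_name_list
    exts = struct.pack("!HH", 0, len(sni)) + sni                    # extension type 0 = server_name
    body = struct.pack("!H", version) + bytes(32) + b"\x00"         # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + struct.pack(f"!{len(suites)}H", *suites)
    body += b"\x01\x00" + struct.pack("!H", len(exts)) + exts       # null compression, extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body              # handshake type 1 = ClientHello
    return b"\x16" + struct.pack("!HH", 0x0301, len(hs)) + hs       # record type 22 = handshake

def parse_client_hello(record):
    """Return version, cipher suites and SNI of a ClientHello record, or None if it is not one."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        data = record[5:5 + rec_len]
        if len(data) < rec_len:
            return None                                  # truncated capture
        version = struct.unpack("!H", data[4:6])[0]      # legacy_version field
        pos = 38                                         # 4 header + 2 version + 32 random
        pos += 1 + data[pos]                             # skip session id
        cs_len = struct.unpack("!H", data[pos:pos + 2])[0]
        suites = list(struct.unpack(f"!{cs_len // 2}H", data[pos + 2:pos + 2 + cs_len]))
        pos += 2 + cs_len
        pos += 1 + data[pos]                             # skip compression methods
        sni = None
        if pos + 2 <= len(data):                         # extensions are optional
            end = pos + 2 + struct.unpack("!H", data[pos:pos + 2])[0]
            pos += 2
            while pos + 4 <= end:
                etype, elen = struct.unpack("!HH", data[pos:pos + 4])
                if etype == 0:                           # server_name: list len, type, name len, name
                    nlen = struct.unpack("!H", data[pos + 7:pos + 9])[0]
                    sni = data[pos + 9:pos + 9 + nlen].decode("ascii", "replace")
                pos += 4 + elen
        return {"version": TLS_VERSIONS.get(version, hex(version)),
                "cipher_suites": [f"0x{s:04X}" for s in suites], "sni": sni}
    except (IndexError, struct.error):
        return None                                      # malformed or cut-off handshake

if __name__ == "__main__":
    print(parse_client_hello(build_client_hello(0x0303, [0xC02F, 0x009C], "example.test")))
```

The version read here is the ClientHello's legacy_version field; TLS 1.3 clients set it to 0x0303 and list the versions they actually support in the supported_versions extension, which this parser does not decode.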
Perspectives
This article provides useful information on the comparative analysis of malicious and benign HTTPS traffic. It helps network security researchers to understand network traffic, especially HTTPS traffic, in a detailed manner.
Dr Abhay Pratap Singh Bhadauria
GLA University
Read the Original
This page is a summary of: A Comparative Analysis of Benign and Malicious HTTPs Traffic, September 2020, Springer Science + Business Media,
DOI: 10.1007/978-981-15-4936-6_36.