University of Twente Student Theses


Anomaly Detection of malicious TLS traffic

Timmer, I.R. (2018) Anomaly Detection of malicious TLS traffic.

Full text not available from this repository.

Full Text Status: Access to this publication is restricted
Abstract: Due to security and privacy issues, more and more data is encrypted. This prevents private data from being read or manipulated by malicious entities. However, this can be a problem in environments where network traffic is monitored as a security measure. This thesis investigates whether a machine learning technique, called anomaly detection or unsupervised learning, can be used to detect malicious encrypted traffic. In the first part, an extensive overview of the most widely used encryption protocol is given and used to find features that can be extracted from the encrypted connection setup. In the second part, the different features that can be extracted from the network traffic are grouped. These features were extracted from a real live network and from a set of network captures from malware samples. In the end, the gathered datasets are used to test the different machine learning algorithms. It was tested which kind of feature sets and algorithm could find the most malicious connections while also providing the lowest number of false positives. While there were some good results, some improvement is still needed before it can be of practical use.
Item Type: Essay (Master)
Northwave, Nieuwegein, Nederland
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)