Abstract
Since the introduction of the QUIC protocol, a major change has taken place in the Internet transport layer: it improves user experience but also brings some security threats. Developed by Google in 2012, QUIC provides a low-latency, connection-oriented and encrypted transport. Beyond its encryption capability, QUIC overcomes many issues found in current transport protocols, such as the high-latency connection establishment of TCP. On the other hand, studies analysing the security of QUIC's key establishment have shown several drawbacks. Moreover, the protocol's encryption allows adversarial Command and Control (C2) packets to blend in with regular QUIC traffic without raising any alarms. Therefore, in this study we develop a fingerprinting-based machine learning approach that can be used in intrusion detection systems to detect malicious C2 QUIC traffic. To demonstrate the effectiveness of this approach, we conducted an experiment and tested the performance of six machine learning classifiers. The results show that, by utilizing the fingerprint, most of the classifiers recognized malicious C2 traffic with an average accuracy of 98%.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - 2022 7th International Conference on Data Science and Machine Learning Applications, CDMA 2022 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 194-199 |
| Number of pages | 6 |
| ISBN (Electronic) | 9781665410144 |
| State | Published - 2022 |
Publication series
| Name | Proceedings - 2022 7th International Conference on Data Science and Machine Learning Applications, CDMA 2022 |
|---|---|
Bibliographical note
Publisher Copyright: © 2022 IEEE.
Keywords
- Command Control (C2) packet
- Fingerprinting
- Intrusion Detection
- Machine Learning
- QUIC Protocol
ASJC Scopus subject areas
- Artificial Intelligence
- Computer Science Applications
- Information Systems and Management
- Safety, Risk, Reliability and Quality
- Health Informatics