Abstract
Advanced Persistent Threat (APT) is one of the most serious types of cyber attacks, which is a new and more complex version of multistep attack. Within the APT life cycle, continuous communication between infected hosts and Command and Control (C&C) servers is maintained to instruct and guide the compromised machines. these communications are usually protected by Secure Sockets Layer (SSL) encryption, making it difficult to identify if the traffic directed to sites is malicious. This paper presents a Malicious SSL certificate Detection (MSSLD) module, which aims at detecting the APT C&C communications based on a blacklist of malicious SSL certificates. This blacklist consists of two forms of SSL certificates, the SHA1 fingerprints and the serial & subject, that are associated with malware and malicious activities. In this detection module, the network traffic is processed and all secure connections are filtered. The SSL certificate of each secure connection is then matched with the SSL certificate blacklist. This module was experimentally evaluated and the results show successful detection of malicious SSL certificates.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the International Conference on Future Networks and Distributed Systems, ICFNDS 2017 |
| Publisher | Association for Computing Machinery |
| ISBN (Electronic) | 9781450348447 |
| DOIs | |
| State | Published - 19 Jul 2017 |
| Externally published | Yes |
Publication series
| Name | ACM International Conference Proceeding Series |
|---|---|
| Volume | Part F130522 |
Bibliographical note
Publisher Copyright:© 2017 Association for Computing Machinery.
Keywords
- Advanced persistent threat
- Cyber attacks
- Intrusion detection system
- Malicious SSL certificate
- Malware
ASJC Scopus subject areas
- Software
- Human-Computer Interaction
- Computer Vision and Pattern Recognition
- Computer Networks and Communications