Cloud computing for malicious encrypted traffic analysis and collaboration

Tzung Han Jeng, Wen Yang Luo, Chuan Chiang Huang, Chien Chih Chen, Kuang Hung Chang, Yi Ming Chen

Research output: Contribution to journalArticlepeer-review

Abstract

As the application of network encryption technology expands, malicious attacks will also be protected by encryption mechanism, increasing the difficulty of detection. This paper focuses on the analysis of encrypted traffic in the network by hosting long-day encrypted traffic, coupled with a weighted algorithm commonly used in information retrieval and SSL/TLS fingerprint to detect malicious encrypted links. The experimental results show that the system proposed in this paper can identify potential malicious SSL/TLS fingerprints and malicious IP which cannot be recognized by other external threat information providers. The network packet decryption is not required to help clarify the full picture of the security incident and provide the basis of digital identification. Finally, the new threat intelligence obtained from the correlation analysis of this paper can be applied to regional joint defense or intelligence exchange between organizations. In addition, the framework adopts Google cloud platform and microservice technology to form an integrated serverless computing architecture.

Original languageEnglish
Pages (from-to)12-29
Number of pages18
JournalInternational Journal of Grid and High Performance Computing
Volume13
Issue number3
DOIs
StatePublished - 1 Jul 2021

Keywords

  • JA3
  • MapReduce
  • Microservice
  • Serverless
  • SSL/TLS Fingerprinting
  • TF-IDF
  • Threat Intelligent

Fingerprint

Dive into the research topics of 'Cloud computing for malicious encrypted traffic analysis and collaboration'. Together they form a unique fingerprint.

Cite this