Abstract
Internet applications use SSL to provide data confidentiality to communicating entities. The use of encryption in SSL makes it impossible to distinguish between benign and malicious connections as the content cannot be inspected. Therefore, we propose and evaluate a set of indicators for malicious SSL connections, which is based on the unencrypted part of SSL (i.e., the SSL handshake protocol). We provide strong evidence for the strength of our indicators to identify malicious connections by cross-checking on blacklists from professional services. Besides the confirmation of prior research results through our indicators, we also found indications for a potential (not yet blacklisted) botnet on SSL. We consider the analysis of such SSL threats as highly relevant and hope that our findings stimulate the research community to further study this direction.
Original language | Undefined |
---|---|
Title of host publication | 9th International Conference on Network and System Security, NSS 2015 |
Place of Publication | New York |
Publisher | Springer |
Pages | 162-175 |
Number of pages | 14 |
ISBN (Print) | 978-3-319-25645-0 |
Publication status | Published - Nov 2015 |
Event | 9th International Conference on Network and System Security, NSS 2015 - New York, United States; Duration: 3 Nov 2015 → 5 Nov 2015; Conference number: 9 |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer Verlag |
Volume | 9408 |
Conference
Conference | 9th International Conference on Network and System Security, NSS 2015 |
---|---|
Abbreviated title | NSS |
Country/Territory | United States |
City | New York |
Period | 3/11/15 → 5/11/15 |
Keywords
- SCS-Cybersecurity
- IR-98163
- METIS-315016
- EWI-26432