How to detect Malware in Encrypted Traffic Without Decryption – Christopher van der Made
Identifying threats contained within encrypted network traffic poses a unique set of challenges. It is important to monitor this traffic for threats and malware, but to do so in a way that preserves the integrity of the encryption.
Because pattern matching cannot operate on encrypted data, previous approaches have leveraged observable metadata gathered from the flow, e.g., the flow's packet lengths and inter-arrival times. In this session we will walk through the machine learning models and algorithms that have offered an efficient way of detecting malware in encrypted traffic, without decrypting the traffic. To set the stage, we will first also take a broader look at the uses of AI and ML in cyber security.
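As an added example (not code from the talk or its speaker), the sketch below turns the flow metadata the abstract names, packet lengths and inter-arrival times, into a fixed-length feature vector and classifies a flow without touching the ciphertext. The bin edges, the nearest-centroid classifier and the sample flows are all assumptions constructed for this illustration; a real deployment would use a trained model over many labelled flows.

```python
import math

# Bin edges are assumptions for this example, not values from the talk:
# packet lengths in bytes, inter-arrival gaps in milliseconds.
LEN_BINS = [0, 150, 500, 1000, 1500]
GAP_BINS = [0, 50, 200, 1000]

def bin_index(value, edges):
    """Index of the last bin edge that is <= value (values below edges[0] fall in bin 0)."""
    return max((i for i, edge in enumerate(edges) if value >= edge), default=0)

def transition_matrix(seq, edges):
    """Row-normalised Markov transition matrix over binned consecutive values, flattened.
    A flow with fewer than two packets yields all zeros (no transitions observed)."""
    n = len(edges)
    counts = [[0] * n for _ in range(n)]
    bins = [bin_index(v, edges) for v in seq]
    for a, b in zip(bins, bins[1:]):
        counts[a][b] += 1
    return [c / sum(row) if sum(row) else 0.0 for row in counts for c in row]

def flow_features(lengths, gaps_ms):
    """Fixed-length feature vector built only from what a passive sensor sees of an encrypted flow."""
    return transition_matrix(lengths, LEN_BINS) + transition_matrix(gaps_ms, GAP_BINS)

def train(labelled_flows):
    """Nearest-centroid model (an assumption for this example): {label: mean feature vector}."""
    by_label = {}
    for label, lengths, gaps in labelled_flows:
        by_label.setdefault(label, []).append(flow_features(lengths, gaps))
    return {label: [sum(col) / len(vecs) for col in zip(*vecs)] for label, vecs in by_label.items()}

def classify(model, lengths, gaps_ms):
    """Label of the centroid closest (Euclidean distance) to the flow's feature vector."""
    f = flow_features(lengths, gaps_ms)
    return min(model, key=lambda lbl: math.dist(model[lbl], f))

# Constructed training flows (not real captures): a TLS download with large segments and
# short gaps, versus a beacon-like flow of small uniform packets on a slow, regular cadence.
# Each flow has n packet lengths and n-1 inter-arrival gaps.
TRAINING = [
    ("benign", [517, 1500, 1500, 1500, 90, 1500, 1500, 60], [1, 3, 2, 4, 20, 2, 3]),
    ("benign", [512, 1480, 1500, 1500, 1500, 100, 1500, 70], [2, 4, 3, 2, 3, 25, 2]),
    ("malicious", [120, 118, 121, 119, 120, 118, 120, 121], [1200, 1198, 1205, 1201, 1199, 1202, 1200]),
    ("malicious", [119, 120, 120, 122, 118, 121, 119, 120], [1210, 1195, 1200, 1203, 1197, 1201, 1199]),
]
MODEL = train(TRAINING)

if __name__ == "__main__":
    print(classify(MODEL, [122, 119, 120, 121, 118, 120], [1190, 1210, 1195, 1200, 1205]))
```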