View More
View Less
System Message
An unknown error has occurred and your request could not be completed. Please contact support.
Wait Listed
Personal Calendar
Conference Event
There aren't any available sessions at this time.
Conflict Found
This session is already scheduled at another time. Would you like to...
Please enter a maximum of {0} characters.
{0} remaining of {1} character maximum.
Please enter a maximum of {0} words.
{0} remaining of {1} word maximum.
must be 50 characters or less.
must be 40 characters or less.
Session Summary
On-demand Library
Cisco Live Session Videos and Presentations Listing
Online Events
Upcoming Cisco Live events
Social Networking
Connect with Cisco Live
Solutions Center
Cisco Live Conference Exhibitors
Cisco Live Survey
In-person Events
Cisco Live Milan 2014
Event Details
Social Media
Cisco Live Melbourne 2014
Cisco Live San Francisco 2014
Event Details
Scheduler (Live Jan 13)
Social Media
Cisco Live Cancun
Log in to access thousands of sessions on cloud, BYOD, data center, and more!
Join now to access free content from global Cisco Live conferences.
Add to My Interests
Add to My File Queue
Remove From My Interests
Remove from my File Queue
Incomplete Account Information
You have not yet completed your account information. Would you like to do so now?
Edit Account Now
You already have an account in the system. Please click here to login

If you don't remember your username and password, please use the forgot password utility.
  File Download Queue
Search Catalog

BRKSEC-2809 - Deciphering Malware's Use of TLS (without Decryption) (2017 Berlin) - 90 Mins

Session Description

The use of TLS by malware poses new challenges to network threat detection because traditional pattern-matching techniques can no longer be applied to its messages. However, TLS also introduces a complex set of observable data features that allow many inferences to be made about both the client and the server. We show that these features can be used to detect and understand malware communication, while at the same time preserving the privacy of benign uses of encryption. These data features also allow for accurate malware family attribution of network communication, even when restricted to a single, encrypted flow. We provide a general analysis on millions of TLS encrypted flows, and a targeted study on 18 malware families composed of thousands of unique malware samples and ten-of-thousands of malicious TLS flows.

Recommended Sessions
View Session