Další formáty:
BibTeX
LaTeX
RIS
@inproceedings{1858543, author = {Novák, Pavel and Oujezský, Václav}, address = {Brno}, booktitle = {Proceedings II of the 28th Conference STUDENT EEICT 2022}, doi = {http://dx.doi.org/10.13164/eeict.2022.194}, editor = {Assoc. Prof. Vítězslav Novák}, keywords = {clustering; detection; JA3; JA3s; malware}, howpublished = {elektronická verze "online"}, language = {eng}, location = {Brno}, isbn = {978-80-214-6030-0}, pages = {194-197}, publisher = {Brno University of Technology, Faculty of Electrical Engineering and Communication}, title = {Detection of Malicious Network Traffic Behavior Using JA3 Fingerprints}, url = {https://www.eeict.cz/eeict_download/archiv/sborniky/EEICT_2022_sbornik_2_v2.pdf}, year = {2022} }
TY - JOUR ID - 1858543 AU - Novák, Pavel - Oujezský, Václav PY - 2022 TI - Detection of Malicious Network Traffic Behavior Using JA3 Fingerprints PB - Brno University of Technology, Faculty of Electrical Engineering and Communication CY - Brno SN - 9788021460300 KW - clustering KW - detection KW - JA3 KW - JA3s KW - malware UR - https://www.eeict.cz/eeict_download/archiv/sborniky/EEICT_2022_sbornik_2_v2.pdf N2 - This paper presents a novel approach for classifying spoof network traffic based on JA3 fingerprint clustering. In particular, it concerns the detection of so-called zero-day malware. The proposed method does not work with known JA3 hashes. However, it compares the JA3 fingerprint of captured traffic with JA3 fingerprints of traffic with predefined criteria, such as the use of current cipher suites or protocol, for classification. ER -
NOVÁK, Pavel a Václav OUJEZSKÝ. Detection of Malicious Network Traffic Behavior Using JA3 Fingerprints. Online. In Assoc. Prof. Vítězslav Novák. \textit{Proceedings II of the 28th Conference STUDENT EEICT 2022}. Brno: Brno University of Technology, Faculty of Electrical Engineering and Communication, 2022, s.~194-197. ISBN~978-80-214-6030-0. Dostupné z: https://dx.doi.org/10.13164/eeict.2022.194.
|