Malware Detection via Encrypted Packet Analysis
Recent security reports from highly reputable security firms such as Symantec unanimously describe the rapidly growing presence of malware seeking financial gain. While many countermeasures such as firewalls and anti-malware software have been developed to fight this emerging threat, most of them place a heavy computational burden on the devices themselves and are therefore unsuitable for the ever-increasing number of resource-limited personal devices. Monitoring the network packets coming from and going into such devices is a promising way to address this issue. Unfortunately, this method is not very effective against the group of malware that exploits message encryption to hide its presence from network monitoring systems. On the other hand, most state-of-the-art approaches are not suitable for real-time monitoring of malware activity because they require a significant amount of time to determine that malware is present. To address this issue, this project aims to develop novel algorithms that detect the presence of malware exploiting encryption, drawing on techniques from both Analytical Data Science and Cryptanalysis and relying on network packet monitoring only.
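As an added illustration, not part of the original abstract (which does not specify its algorithms): one lightweight, packet-only statistic on which both the data-science and the cryptanalysis viewpoints meet is the byte distribution of a payload. Output of a sound cipher is indistinguishable from uniform random bytes, so Shannon entropy close to 8 bits/byte together with a chi-square statistic near its expectation under uniformity indicates encryption (or compression), while cleartext protocols such as HTTP sit far from both. The code below computes these statistics over constructed sample payloads and aggregates verdicts per flow; the thresholds, the minimum payload length and the function names are assumptions chosen for this example, and the single-byte XOR helper exists only to show a known limitation of histogram-based tests.

```python
import math
import random
from collections import Counter
from typing import List, Optional

# Thresholds are illustrative assumptions, not values from the project.
ENTROPY_THRESHOLD = 7.5       # bits per byte; uniform random data approaches 8.0
CHI_SQUARE_THRESHOLD = 400.0  # 255 degrees of freedom; uniform data sits near 255 +/- 23
MIN_PAYLOAD_LEN = 512         # below this the per-bin statistics are too noisy to judge


def shannon_entropy(payload: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 .. 8.0)."""
    n = len(payload)
    if n == 0:
        return 0.0
    counts = Counter(payload)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def chi_square_uniform(payload: bytes) -> float:
    """Chi-square statistic of the byte histogram against a uniform distribution over 256 values."""
    n = len(payload)
    if n == 0:
        return float("inf")
    expected = n / 256.0
    counts = Counter(payload)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def looks_encrypted(payload: bytes) -> Optional[bool]:
    """True if the payload is statistically random-looking, False if not, None if too short to judge."""
    if len(payload) < MIN_PAYLOAD_LEN:
        return None
    return (shannon_entropy(payload) >= ENTROPY_THRESHOLD
            and chi_square_uniform(payload) <= CHI_SQUARE_THRESHOLD)


def flow_encrypted_ratio(payloads: List[bytes]) -> float:
    """Fraction of assessable payloads in a flow that look encrypted (0.0 if none could be assessed).

    A high ratio on a flow that a defender expects to carry cleartext (e.g. plain HTTP)
    is the kind of cheap, device-independent signal the abstract's packet-only monitoring needs.
    """
    verdicts = [v for v in (looks_encrypted(p) for p in payloads) if v is not None]
    if not verdicts:
        return 0.0
    return sum(verdicts) / len(verdicts)


def xor_obfuscate(payload: bytes, key: int) -> bytes:
    """Single-byte XOR, as weak obfuscation: it permutes byte values but keeps the histogram shape."""
    return bytes(b ^ key for b in payload)


# Constructed sample inputs (not captured traffic).
_rng = random.Random(1234)  # fixed seed so the example is reproducible
SAMPLE_CIPHERTEXT = bytes(_rng.getrandbits(8) for _ in range(8192))  # stands in for cipher output
SAMPLE_CLEARTEXT = (b"GET /update?id=42 HTTP/1.1\r\nHost: example.invalid\r\n"
                    b"User-Agent: sample-agent/1.0\r\n\r\n") * 40

if __name__ == "__main__":
    for name, data in (("ciphertext", SAMPLE_CIPHERTEXT), ("cleartext", SAMPLE_CLEARTEXT)):
        print(f"{name:10s} entropy={shannon_entropy(data):.3f} "
              f"chi2={chi_square_uniform(data):.1f} encrypted={looks_encrypted(data)}")
    print("flow ratio:", flow_encrypted_ratio([SAMPLE_CIPHERTEXT, SAMPLE_CLEARTEXT, b"tiny"]))
```

Two caveats worth keeping in mind when using such a score: compressed and legitimately TLS-wrapped data also look random, so the statistic only says "encrypted-looking", and it is the mismatch with the protocol or port the flow claims to use that a detector should act on; and a payload hidden with a single-byte XOR keeps exactly the entropy of its cleartext, so histogram tests alone miss weak obfuscation, which is where cryptanalytic checks beyond byte frequencies come in.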