Detection of malicious Encrypted Web Traffic using Machine Learning
Date
2018-11-15
Authors
Shah, Jay
Abstract
An increasing share of web traffic is now encrypted with HTTPS. While most HTTPS traffic is legitimate, a growing fraction is generated by malware, and its use of HTTPS makes detection harder. The current approach is to detect malicious HTTPS traffic with interception proxies, which decrypt the traffic on the fly; this itself weakens the security and privacy of the data and of the communication. The goal of this project is to detect malicious HTTPS traffic without decryption. We propose a detection model that feeds the characteristics of the underlying HTTPS certificates and connection metadata to a machine learning classifier. The model uses a set of features extracted from log files produced by the Bro Intrusion Detection System (IDS), which are classified with the XGBoost algorithm. Experimental evaluation on a public dataset yields encouraging results.
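As an added illustration (not code from the thesis), the block below extracts numeric features from Bro/Zeek ssl.log records using only connection and certificate metadata, with no decryption; the log lines are constructed, only a subset of the real ssl.log fields is used, and the particular feature set is an assumption for illustration. Vectors of this shape are the kind of input a classifier such as XGBoost would consume.

```python
"""Feature extraction from Bro/Zeek ssl.log metadata (no payload decryption)."""
from typing import Dict, List

# Constructed sample in Bro/Zeek TSV log format; not from the thesis dataset.
# Only a subset of the real ssl.log fields is included.
SAMPLE_SSL_LOG = """#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.resp_h\tid.resp_p\tversion\tcipher\tserver_name\tresumed\testablished\tsubject\tissuer\tvalidation_status
1542240000.1\tCabc1\t10.0.0.5\t93.184.216.34\t443\tTLSv12\tTLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\texample.com\tF\tT\tCN=example.com\tCN=Example CA\tok
1542240001.2\tCabc2\t10.0.0.5\t203.0.113.7\t4443\tTLSv10\tTLS_RSA_WITH_RC4_128_SHA\t-\tF\tT\tCN=localhost\tCN=localhost\tself signed certificate
1542240002.3\tCabc3\t10.0.0.9\t198.51.100.2\t443\tTLSv12\tTLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\tupdates.example.net\tT\tT\t-\t-\t-
"""

LEGACY_VERSIONS = {"SSLv2", "SSLv3", "TLSv10"}
WEAK_CIPHER_MARKERS = ("RC4", "_DES_", "3DES", "NULL", "EXPORT")


def parse_bro_log(text: str) -> List[Dict[str, str]]:
    """Parse Bro TSV log text into dicts keyed by the #fields header line."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue  # other metadata lines and blanks carry no records
        else:
            records.append(dict(zip(fields, line.split("\t"))))
    return records


def extract_features(rec: Dict[str, str]) -> Dict[str, int]:
    """Binary features derived from handshake and certificate metadata only.
    The feature set is an assumption chosen for illustration."""
    cipher = rec.get("cipher", "-")
    subject, issuer = rec.get("subject", "-"), rec.get("issuer", "-")
    return {
        "legacy_version": int(rec.get("version", "-") in LEGACY_VERSIONS),
        "weak_cipher": int(any(m in cipher for m in WEAK_CIPHER_MARKERS)),
        "no_sni": int(rec.get("server_name", "-") == "-"),
        "nonstandard_port": int(rec.get("id.resp_p", "443") != "443"),
        "self_signed": int(subject != "-" and subject == issuer),
        # "-" means no certificate was seen (e.g. a resumed session), not a failure
        "validation_failed": int(rec.get("validation_status", "-") not in ("ok", "-")),
        "resumed": int(rec.get("resumed", "F") == "T"),
        "established": int(rec.get("established", "F") == "T"),
    }


def feature_matrix(text: str) -> List[Dict[str, int]]:
    """One feature dict per ssl.log record, ready for a classifier."""
    return [extract_features(r) for r in parse_bro_log(text)]
```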