M3F: A novel multi-session and multi-protocol based malware traffic fingerprinting
References
National Security Agency, 2021, 2021 NSA Cybersecurity Year in Review, Tech. rep.
Roesch, 1999, Snort: Lightweight intrusion detection for networks, 229
Open Information Security Foundation, 2022
Salesforce, 2022
Anderson, 2020
Habibi Lashkari, 2017, Characterization of tor traffic using time based features, 253
Anderson, 2018, Deciphering malware’s use of TLS (without decryption), J. Comput. Virol. Hacking Tech., 14, 195, 10.1007/s11416-017-0306-6
Dai, 2019, SSL malicious traffic detection based on multi-view features, 40
Gezer, 2019, A flow-based approach for Trickbot banking trojan detection, Comput. Secur., 84, 179, 10.1016/j.cose.2019.03.013
Stergiopoulos, 2018, Automatic detection of various malicious traffic using side channel features on TCP packets, 346
Dong, 2021, MBTree: Detecting encryption RATs communication using malicious behavior tree, IEEE Trans. Inf. Forensics Secur., 16, 3589, 10.1109/TIFS.2021.3071595
Anderson, 2019, Limitless HTTP in an HTTPS world: Inferring the semantics of the HTTPS protocol without decryption, 267
Wang, 2017, Malware traffic classification using convolutional neural network for representation learning, 712
Wang, 2017, End-to-end encrypted traffic classification with one-dimensional convolution neural networks, 43
Kim, 2020, Poster: Feasibility of malware traffic analysis through TLS-encrypted flow visualization, 1
Aceto, 2020, Toward effective mobile encrypted traffic classification through deep learning, Neurocomputing, 409, 306, 10.1016/j.neucom.2020.05.036
Zhu, 2018, A deep learning approach for network anomaly detection based on AMF-LSTM, 137
Niu, 2022, Uncovering APT malware traffic using deep learning combined with time sequence and association analysis, Comput. Secur., 120, 10.1016/j.cose.2022.102809
Lin, 2022, ET-BERT: A contextualized datagram representation with pre-training transformers for encrypted traffic classification, 633
Lotfollahi, 2020, Deep packet: A novel approach for encrypted traffic classification using deep learning, Soft Comput., 24, 1999, 10.1007/s00500-019-04030-2
Xing, 2020, Detecting anomalies in encrypted traffic via deep dictionary learning, 734
Wang, 2018, HAST-IDS: Learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection, IEEE Access, 6, 1792, 10.1109/ACCESS.2017.2780250
Onwuzurike, 2019, MaMaDroid: Detecting android malware by building Markov chains of behavioral models (Extended version), ACM Trans. Priv. Secur., 22, 1, 10.1145/3313391
Ficco, 2019, Detecting IoT malware by Markov chain behavioral models, 229
Amer, 2020, A dynamic Windows malware detection and prediction method based on contextual understanding of API call sequence, Comput. Secur., 92, 10.1016/j.cose.2020.101760
Al-Bakri, 2014, Static analysis based behavioral api for malware detection using markov chain, Int. Inst. Sci. Technol. Educ. (IISTE), 5
Ravi, 2012, Malware detection using windows api sequence and machine learning, Int. J. Comput. Appl., 43, 12
Bailluet, 2021, Ransomware detection using Markov chain models over file headers
Martín, 2018, CANDYMAN: Classifying android malware families by modelling dynamic traces with Markov chains, Eng. Appl. Artif. Intell., 74, 121, 10.1016/j.engappai.2018.06.006
Korczyński, 2014, Markov chain fingerprinting to classify encrypted traffic, 781
Shen, 2016, Certificate-aware encrypted traffic classification using Second-Order Markov Chain, 1
Shen, 2017, Classification of encrypted traffic with second-order markov chains and application attribute bigrams, IEEE Trans. Inf. Forensics Secur., 12, 1830, 10.1109/TIFS.2017.2692682
Chao, 2020, A fingerprint enhancement and second-order Markov chain based malicious encrypted traffic identification scheme, 328
Shen, 2021, Fine-grained webpage fingerprinting using only packet length information of encrypted traffic, IEEE Trans. Inf. Forensics Secur., 16, 2046, 10.1109/TIFS.2020.3046876
Shen, 2019, Webpage fingerprinting using only packet length information, 1
Liu, 2018, LaFFT: Length-aware FFT based fingerprinting for encrypted network traffic classification, 1
Liu, 2018, MaMPF: Encrypted traffic classification based on multi-attribute Markov probability fingerprints, 1
Cai, 2021, MEMG: Mobile encrypted traffic classification with Markov chains and graph neural network, 478
Paxson, 1999, Bro: a system for detecting network intruders in real-time, Comput. Netw., 31, 2435, 10.1016/S1389-1286(99)00112-7
García, 2014, An empirical comparison of botnet detection methods, Comput. Secur., 45, 100, 10.1016/j.cose.2014.05.011
Sharafaldin, 2018, Toward generating a new intrusion detection dataset and intrusion traffic characterization, ICISSP, 1, 108
Sebastián, 2016, AVclass: A tool for massive malware labeling, 230
Jia, 2021, Trojan traffic detection based on meta-learning, 167
Ring, 2019, A survey of network-based intrusion detection data sets, Comput. Secur., 86, 147, 10.1016/j.cose.2019.06.005
Anderson, 2016, Identifying encrypted malware traffic with contextual flow data, 35
Salowey, 2008, 1