icon-carat-right menu search cmu-wordmark

Identification of Malicious SSL Networks by Subgraph Anomaly Detection

Presentation
In this presentation, the authors will discuss current ways malicious operators use SSL to secure their command-and-control and IP infrastructure.
Publisher

Cisco Systems, Inc.

Abstract

Sophisticated attackers use SSL to secure communications to command-and-control domains or provide their clients with secure hosting infrastructure. The goal of this talk is to describe methods to automatically detect threats from SSL scan data without relying on prior seeds. We present a series of statistical graph techniques that allow us to discover botnet and bulletproof hosting IP space by examining SSL distribution patterns from open source data.