Detecting Encrypted Malware Traffic (Without Decryption)

By Blake Anderson Introduction Over the past 2 years, we have been systematically collecting and analyzing malware-generated packet captures. During this time, we have observed a steady increase in the percentage of malware samples using TLS-based encryption to evade detection. In August 2015, 2.21% of the malware samples used TLS, increasing to 21.44% in May 2017. During that […]

Source:: Cisco Security Notice