Observer effect: How Intercepting HTTPS traffic forces malware to change their behavior

During the last couple of years there has been an important surge on the use of HTTPs by malware. The reason for this increase is not completely understood yet, but it is hypothesized that it was forced by organizations only allowing web traffic to the Internet. Using HTTPs makes malware behavior si...


Bibliographic Details
Main authors: Erquiaga, María José, García, Sebastián, García Garino, Carlos
Format: Conference object
Language: English
Published: 2017
Subjects:
Online access: http://sedici.unlp.edu.ar/handle/10915/63935
Contributed by:
id I19-R120-10915-63935
record_format dspace
institution Universidad Nacional de La Plata
institution_str I-19
repository_str R-120
collection SEDICI (UNLP)
language Inglés
topic Ciencias Informáticas
malware
botnets
network security
MITM
proxy
description During the last couple of years there has been an important surge on the use of HTTPs by malware. The reason for this increase is not completely understood yet, but it is hypothesized that it was forced by organizations only allowing web traffic to the Internet. Using HTTPs makes malware behavior similar to normal connections. Therefore, there has been a growing interest in understanding the usage of HTTPs by malware. This paper describes our research to obtain large quantities of real malware traffic using HTTPs, our use of man-in-the-middle HTTPs interceptor proxies to open and study the content, and our analysis of how the behavior of the malware changes after being intercepted. The research goal is to understand how malware uses HTTPs and the impact of intercepting its traffic. We conclude that the use of an interceptor proxy forces the malware to change its behavior and therefore should be carefully considered before being implemented.
format Objeto de conferencia
author Erquiaga, María José
García, Sebastián
García Garino, Carlos
title Observer effect: How Intercepting HTTPS traffic forces malware to change their behavior
publishDate 2017
url http://sedici.unlp.edu.ar/handle/10915/63935
bdutipo_str Repositorios