Published July 28, 2023
| Version v1
Journal article
Open
Pump Up the JARM: Studying the Evolution of Botnets using Active TLS Fingerprinting
Creators
- 1. Foundation for Research and Technology-Hellas
- 2. Technical University of Crete
Description
The growing adoption of network encryption protocols, like TLS, has altered the scene of monitoring network traffic. With the advent and rapid increase in network encryption mechanisms, typical deep packet inspection systems that monitor network packet payload contents are gradually becoming obsolete, while in the meantime, adversaries abuse the utilization of the TLS protocol to bypass them.
In this paper, aiming to understand the botnet ecosystem in the wild, we contact IP addresses known to participate in malicious activities using the JARM tool for active probing.
Files
iscc 2023.pdf
Files
(240.1 kB)
Name | Size | Download all |
---|---|---|
md5:e78980e1841f9dbe5126be2c40334376
|
240.1 kB | Preview Download |