Published July 28, 2023 | Version v1
Journal article Open

Pump Up the JARM: Studying the Evolution of Botnets using Active TLS Fingerprinting

  • 1. Foundation for Research and Technology-Hellas
  • 2. Technical University of Crete

Description

The growing adoption of network encryption protocols, like TLS, has altered the scene of monitoring network traffic. With the advent and rapid increase in network encryption mechanisms, typical deep packet inspection systems that monitor network packet payload contents are gradually becoming obsolete, while in the meantime, adversaries abuse the utilization of the TLS protocol to bypass them.

In this paper, aiming to understand the botnet ecosystem in the wild, we contact IP addresses known to participate in malicious activities using the JARM tool for active probing.

Files

iscc 2023.pdf

Files (240.1 kB)

Name Size Download all
md5:e78980e1841f9dbe5126be2c40334376
240.1 kB Preview Download

Additional details