Published July 28, 2023 | Version v1
Journal article Open

Pump Up the JARM: Studying the Evolution of Botnets using Active TLS Fingerprinting

  • 1. Foundation for Research and Technology-Hellas
  • 2. Technical University of Crete


The growing adoption of network encryption protocols, like TLS, has altered the scene of monitoring network traffic. With the advent and rapid increase in network encryption mechanisms, typical deep packet inspection systems that monitor network packet payload contents are gradually becoming obsolete, while in the meantime, adversaries abuse the utilization of the TLS protocol to bypass them.

In this paper, aiming to understand the botnet ecosystem in the wild, we contact IP addresses known to participate in malicious activities using the JARM tool for active probing.


iscc 2023.pdf

Files (240.1 kB)

Name Size Download all
240.1 kB Preview Download

Additional details