0507114 20240103222342.820190731235959.9 85030325858 000426964900077 10.1145/3098954.3107007 7 s. P cav_un_epca*0507113978-1-4503-5257-41-7New YorkACM2017 HTTPS data Malware detection Supervised learning cav_un_auth*0352238 Komárek T. CZ cav_un_auth*0101197 Somol Petr Rozpoznávání obrazu Department of Pattern Recognition RO RO UTIA-B Department of Pattern Recognition Ústav teorie informace a automatizace AV ČR, v. v. i. http://library.utia.cas.cz/separaty/2019/RO/somol-0507114.pdf One of the current challenges in network intrusion detection research is the malware communicating over HTTPS protocol. Usually the task is to detect infected end-nodes with this type of malware by monitoring network traffc. The challenge lies in a very limited number of weak features that can be extracted from the network traffc capture of encrypted HTTP communication. This paper suggests a novel fingerprinting method that addresses this problem by building a higher-level end-node representation on top of the weak features. Conducted large-scale experiments on real network data show superior performance of the proposed method over the state-of-the-art solution in terms of both a lower number of produced false alarms (precision) and a higher number of detected infections (recall). cav_un_auth*0377822 the 12th International Conference on Availability, Reliability and Security (ARES'17) 20170829 20170901 Reggio Calabria IT BC 20000 20200 20204 2020 2 PR RVO:67985556 http://hdl.handle.net/11104/0298533 S 77 3+4 Proceedings Paper Computer Science Information Systems 3+4 Proceedings Paper Computer Science Information Systems 3+4 Proceedings Paper Computer Science Information Systems 2017 85030325858 SCOPUS PUBMED 000426964900077 WOS cav_un_epca*0507113 Proceedings of the 12th International Conference on Availability, Reliability and Security (ARES'17) 978-1-4503-5257-4 1 7 New York ACM 2017