An Outlook on using Packet Sampling in Flow-based C2 TLS Malware Traffic Detection

Carlos Novo; João Marco C. Silva; Ricardo Morla

An Outlook on using Packet Sampling in Flow-based C2 TLS Malware Traffic Detection

Carlos Novo, João Marco C. Silva, Ricardo Morla

Published: 01 Jan 2021, Last Modified: 06 Feb 2025NoF 2021EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: Packet sampling plays an important role in keeping storage and processing requirements at a manageable level in network management. However, because it reduces the amount of available information, it can also reduce the performance of some related tasks, such as detecting security events. In this context, this work explores how packet sampling impacts machine learning-based tasks, in particular, flow-based C2 TLS malware traffic detection using a deep neural network. Based on a proposed lightweight sampling scheme, the ongoing results show a small reduction in classification accuracy compared with analysing all the traffic, while reducing in 10 fold the number of packets processed.

Loading