Software Engineering Institute | Carnegie Mellon University

Identification of Malicious SSL Networks by Subgraph Anomaly Detection

  • January 2018
  • By Dhia Mahjoub (OpenDNS), Thomas Mathew (OpenDNS)
  • In this presentation, the authors will discuss current ways malicious operators use SSL to secure their command-and-control and IP infrastructure.
  • Publisher: Cisco
  • Abstract

    Sophisticated attackers use SSL to secure communications to command-and-control domains or provide their clients with secure hosting infrastructure. The goal of this talk is to describe methods to automatically detect threats from SSL scan data without relying on prior seeds. We present a series of statistical graph techniques that allow us to discover botnet and bulletproof hosting IP space by examining SSL distribution patterns from open source data.

Part of a Collection

FloCon 2018 Presentations