A Comparative Review of Malware Analysis and Detection in HTTPs Traffic

Abstract

HTTPs is essentially an integration of the Hypertext Transfer Protocol with either TLS or SSL. The responsibility of SSL/TLS in HTTPs is to encrypt the content of HTTP. Without encryption, the communication can be comprehended by anyone that keeps up seeing the packets between the sender and receiver. As a higher amount of web traffic shifts towards encrypted traffic, concealing an attack in encrypted communication will develop in prominence and refinement. Malware poses one of the significant digital security risks in the present scenario, with the goal of malware is to exfiltrate information from networks and misusing it. The measure of malwares utilizing HTTPs traffic for their communication is on the rise year by year. This situation is obscure to handle for cyber security researchers because malware traffic is encrypted, and it primarily looks like regular traffic. The detection and analysis of malware in HTTPs traffic is challenging because application data is encrypted between the client and server. This paper endeavors to analytically review the concepts and techniques for malware analysis and detection in HTTPs traffic and performs a comparative study of state of the art. The review suggests that most of the techniques are using the statistical features of network traffic and machine- learning based techniques in order to detect and classify malware in encrypted traffic.