{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T17:41:45Z","timestamp":1772905305454,"version":"3.50.1"},"publisher-location":"Singapore","reference-count":38,"publisher":"Springer Singapore","isbn-type":[{"value":"9789811680588","type":"print"},{"value":"9789811680595","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-981-16-8059-5_13","type":"book-chapter","created":{"date-parts":[[2021,12,2]],"date-time":"2021-12-02T13:03:12Z","timestamp":1638450192000},"page":"213-229","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["A Review on TLS Encryption Malware Detection: TLS Features, Machine Learning Usage, and Future Directions"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1547-0385","authenticated-orcid":false,"given":"Kinan","family":"Keshkeh","sequence":"first","affiliation":[]},{"given":"Aman","family":"Jantan","sequence":"additional","affiliation":[]},{"given":"Kamal","family":"Alieyan","sequence":"additional","affiliation":[]},{"given":"Usman Mohammed","family":"Gana","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,1,1]]},"reference":[{"key":"13_CR1","doi-asserted-by":"publisher","unstructured":"Durumeric, Z., et al.: The security impact of HTTPS interception. In: NDSS (2017). https:\/\/doi.org\/10.14722\/ndss.2017.23456","DOI":"10.14722\/ndss.2017.23456"},{"issue":"1","key":"13_CR2","first-page":"8","volume":"12","author":"SH Kok","year":"2019","unstructured":"Kok, S.H., Abdullah, A., Jhanjhi, N.Z., Supramaniam, M.: A review of intrusion detection system using machine learning approach. Int. J. Eng. Res. Technol. 12(1), 8\u201315 (2019)","journal-title":"Int. J. Eng. Res. Technol."},{"issue":"1","key":"13_CR3","doi-asserted-by":"publisher","first-page":"2210","DOI":"10.12785\/ijcds\/100111","volume":"10","author":"AP Singh","year":"2021","unstructured":"Singh, A.P., Singh, M.: A comparative review of malware analysis and detection in HTTPs traffic. Int. J. Comput. Digit. Syst. 10(1), 2210\u20133142 (2021). https:\/\/doi.org\/10.12785\/ijcds\/100111","journal-title":"Int. J. Comput. Digit. Syst."},{"key":"13_CR4","unstructured":"Understanding malware & other threats - Windows security | Microsoft Docs. https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/intelligence\/understanding-malware. Accessed 20 Sept 2020"},{"key":"13_CR5","unstructured":"What Is the Difference: Viruses, Worms, Trojans, and Bots? https:\/\/tools.cisco.com\/security\/center\/resources\/virus_differences. Accessed 08 Oct 2020"},{"key":"13_CR6","first-page":"2277","volume":"3","author":"S Gadhiya","year":"2013","unstructured":"Gadhiya, S., Bhavsar, K.H.: Techniques for malware analysis. Int. J. Adv. Res. Comput. Sci. Softw. Eng. 3, 2277\u20133128 (2013)","journal-title":"Int. J. Adv. Res. Comput. Sci. Softw. Eng."},{"key":"13_CR7","unstructured":"Jenseg, O.: A machine learning approach to detecting malware in TLS traffic using resilient network features. Master\u2019s thesis, NTNU (2019)"},{"key":"13_CR8","unstructured":"Patrick, N.: The TLS Handshake: taking a closer look - Hashed Out by The SSL StoreTM (2019). https:\/\/www.thesslstore.com\/blog\/explaining-ssl-handshake\/. Accessed 08 July 2020"},{"issue":"2","key":"13_CR9","doi-asserted-by":"publisher","first-page":"721","DOI":"10.32604\/cmc.2019.05610","volume":"60","author":"J Liu","year":"2019","unstructured":"Liu, J., Zeng, Y., Shi, J., Yang, Y., Wang, R., He, L.: Maldetect: a structure of encrypted malware traffic detection. Comput. Mater. Contin. 60(2), 721\u2013739 (2019). https:\/\/doi.org\/10.32604\/cmc.2019.05610","journal-title":"Comput. Mater. Contin."},{"issue":"3","key":"13_CR10","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1007\/s11416-017-0306-6","volume":"14","author":"B Anderson","year":"2017","unstructured":"Anderson, B., Paul, S., McGrew, D.: Deciphering malware\u2019s use of TLS (without decryption). J. Comput. Virol. Hack. Tech. 14(3), 195\u2013211 (2017). https:\/\/doi.org\/10.1007\/s11416-017-0306-6","journal-title":"J. Comput. Virol. Hack. Tech."},{"key":"13_CR11","unstructured":"Senecal, D., Kahn, A., Segal, O., et al.: Bot detection in an edge network using Transport Layer Security (TLS) fingerprint. Google Patents (2019)"},{"key":"13_CR12","unstructured":"Anderson, B., McGrew, D.: Leveraging point inferences on HTTP transactions for HTTPS malware detection. Google Patents (2019)"},{"key":"13_CR13","unstructured":"Roques, O., Maffeis, S., Cova, M.: Detecting malware in TLS traffic. Ph.D. diss., Imperial College London (2019)"},{"key":"13_CR14","doi-asserted-by":"publisher","unstructured":"Calderon, P., Hasegawa, H., Yamaguchi, Y., Shimada, H.: Malware detection based on HTTPS characteristic via machine learning. In: ICISSP 2018 \u2013 Proceedings of 4th International Conference on Information Systems Security Privacy, vol. 2018-Janua, no. Icissp, pp. 410\u2013417 (2018). https:\/\/doi.org\/10.5220\/0006654604100417","DOI":"10.5220\/0006654604100417"},{"issue":"5","key":"13_CR15","doi-asserted-by":"publisher","first-page":"e0232696","DOI":"10.1371\/journal.pone.0232696","volume":"15","author":"R Zheng","year":"2020","unstructured":"Zheng, R., et al.: Two-layer detection framework with a high accuracy and efficiency for a malware family over the TLS protocol. PLoS ONE 15(5), e0232696 (2020). https:\/\/doi.org\/10.1371\/journal.pone.0232696","journal-title":"PLoS ONE"},{"key":"13_CR16","doi-asserted-by":"publisher","unstructured":"Dai, R., Gao, C., Lang, B., Yang, L., Liu, H., Chen, S.: SSL malicious traffic detection based on multi-view features. In: ACM International Conference on Proceeding Series, pp. 40\u201346 (2019). https:\/\/doi.org\/10.1145\/3371676.3371697","DOI":"10.1145\/3371676.3371697"},{"key":"13_CR17","doi-asserted-by":"publisher","unstructured":"Bazuhair, W., Lee, W.: Detecting malign encrypted network traffic using perlin noise and convolutional neural network. In: 2020 10th Annual Computing and Communication Workshop and Conference, CCWC 2020, January 2020, pp. 200\u2013206 (2020). https:\/\/doi.org\/10.1109\/CCWC47524.2020.9031116","DOI":"10.1109\/CCWC47524.2020.9031116"},{"key":"13_CR18","doi-asserted-by":"publisher","unstructured":"Prasse, P., Gruben, G., Pevny, T., Sofka, M., Scheffer, T.: Malware detection by HTTPS traffic analysis. Math. Fak. Potsdam Univ. (2017). https:\/\/doi.org\/10.1109\/OCEANS.2001.968684","DOI":"10.1109\/OCEANS.2001.968684"},{"key":"13_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"234","DOI":"10.1007\/978-3-030-12942-2_18","volume-title":"Innovative Security Solutions for Information Technology and Communications","author":"S Puuska","year":"2019","unstructured":"Puuska, S., Kokkonen, T., Alatalo, J., Heilimo, E.: Anomaly-based network intrusion detection using wavelets and adversarial autoencoders. In: Lanet, J.-L., Toma, C. (eds.) SECITC 2018. LNCS, vol. 11359, pp. 234\u2013246. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-12942-2_18"},{"key":"13_CR20","doi-asserted-by":"publisher","unstructured":"Anderson, B., McGrew, D.: Identifying encrypted malware traffic with contextual flow data. In: AISec 2016 - Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security Co-located with CCS 2016, pp. 35\u201346 (2016). https:\/\/doi.org\/10.1145\/2996758.2996768","DOI":"10.1145\/2996758.2996768"},{"key":"13_CR21","doi-asserted-by":"publisher","unstructured":"Anderson, B., McGrew, D.: Machine learning for encrypted malware traffic classification: Accounting for noisy labels and non-stationarity. In: Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, vol. Part F1296, pp. 1723\u20131732 (2017). https:\/\/doi.org\/10.1145\/3097983.3098163","DOI":"10.1145\/3097983.3098163"},{"key":"13_CR22","doi-asserted-by":"publisher","unstructured":"Prasse, P., Machlica, L., Pevny, T., Havelka, J., Scheffer, T.: Malware detection by analysing network traffic with neural networks. In: Proceedings of the 2017 IEEE Symposium on Security and Privacy Workshops, SPW 2017, vol. 2017-Decem, pp. 205\u2013210 (2017). https:\/\/doi.org\/10.1109\/SPW.2017.8","DOI":"10.1109\/SPW.2017.8"},{"key":"13_CR23","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/978-3-319-23461-8_6","volume-title":"Machine Learning and Knowledge Discovery in Databases","author":"V Franc","year":"2015","unstructured":"Franc, V., Sofka, M., Bartos, K.: Learning detector of malicious network traffic from weak labels. In: Bifet, A., et al. (eds.) ECML PKDD 2015. LNCS (LNAI and LNB), vol. 9286, pp. 85\u201399. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-23461-8_6"},{"key":"13_CR24","unstructured":"Bortolameotti, R.: C&C botnet detection over SSL. Master\u2019s thesis, University of Twente (2014)"},{"key":"13_CR25","unstructured":"Stras\u00e1k, F.: Detection of HTTPS malware traffic. Bachelor\u2019s thesis, Czech Technical University in Prague, pp. 1\u201349 (2017)"},{"key":"13_CR26","doi-asserted-by":"publisher","unstructured":"Kato, H., Haruta, S., Sasase, I.: Android malware detection scheme based on level of SSL server certificate. In: 2019 IEEE Global Communications Conference, GLOBECOM 2019 - Proceedings, no. 2, pp. 379\u2013389 (2019). https:\/\/doi.org\/10.1109\/GLOBECOM38437.2019.9013483","DOI":"10.1109\/GLOBECOM38437.2019.9013483"},{"key":"13_CR27","unstructured":"Fehrman, B., Woody, E., et al.: Connection information. Google Patents (2020)"},{"key":"13_CR28","unstructured":"Senecal, D., Kahn, A., Segal, O., et al.: Bot detection in an edge network using Transport Layer Security (TLS) fingerprint. Google Patents, vol. 1 (2019)"},{"key":"13_CR29","doi-asserted-by":"publisher","unstructured":"De Lucia, M. J., Cotton, C.: Detection of Encrypted Malicious Network Traffic using Machine Learning. In: Proceedings of the IEEE Military Communications Conference, MILCOM, vol. 2019-Novem, pp. 1\u20136 (2019). https:\/\/doi.org\/10.1109\/MILCOM47813.2019.9020856","DOI":"10.1109\/MILCOM47813.2019.9020856"},{"key":"13_CR30","doi-asserted-by":"publisher","unstructured":"Torroledo, I., Camacho, L. D., Bahnsen, A. C.: Hunting malicious TLS certificates with deep neural networks. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 64\u201373 (2018). https:\/\/doi.org\/10.1145\/3270101.3270105","DOI":"10.1145\/3270101.3270105"},{"key":"13_CR31","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1016\/j.eswa.2018.02.010","volume":"101","author":"J Kohout","year":"2018","unstructured":"Kohout, J., Kom\u00e1rek, T., \u010cech, P., Bodn\u00e1r, J., Loko\u010d, J.: Learning communication patterns for malware discovery in HTTPs data. Expert Syst. Appl. 101, 129\u2013142 (2018). https:\/\/doi.org\/10.1016\/j.eswa.2018.02.010","journal-title":"Expert Syst. Appl."},{"key":"13_CR32","unstructured":"Marou\u0161ek, J.: Efficient kNN classification of malware from HTTPS data. Master\u2019s thesis, Charles University, Faculty of Mathematics and Physics (2017)"},{"key":"13_CR33","unstructured":"What is an Extended Validation Certificate?\u202f:: What is an Extended Validation Certificate?\u202f:: GlobalSign GMO Internet, Inc. https:\/\/www.globalsign.com\/en\/ssl-information-center\/what-is-an-extended-validation-certificate. Accessed 08 Oct 2020"},{"key":"13_CR34","doi-asserted-by":"publisher","unstructured":"Allix, K., Bissyand\u00e9, T. F., Klein, J., Le Traon, Y.: AndroZoo: collecting millions of android apps for the research community. In: Proceedings - 13th Working Conference on Mining Software Repositories, MSR 2016, pp. 468\u2013471 (2016). https:\/\/doi.org\/10.1145\/2901739.2903508.","DOI":"10.1145\/2901739.2903508"},{"key":"13_CR35","unstructured":"Brownlee, J.: Supervised and unsupervised machine learning algorithms (2016). https:\/\/machinelearningmastery.com\/supervised-and-unsupervised-machine-learning-algorithms\/. Accessed 03 June 2021"},{"key":"13_CR36","unstructured":"Commonly Used Machine Learning Algorithms | Data Science. https:\/\/www.analyticsvidhya.com\/blog\/2017\/09\/common-machine-learning-algorithms\/. Accessed 28 Sept 2020"},{"key":"13_CR37","doi-asserted-by":"crossref","unstructured":"Kononenko, I., Kukar, M.: Machine Learning and Data Mining. Horwood Publishing (2007)","DOI":"10.1533\/9780857099440"},{"key":"13_CR38","doi-asserted-by":"publisher","unstructured":"Yao, B., Li, F., Kumar, P.: K nearest neighbor queries and KNN-joins in large relational databases (almost) for free. In: Proceedings - International Conference on Data Engineering, pp. 4\u201315 (2010). https:\/\/doi.org\/10.1109\/ICDE.2010.5447837","DOI":"10.1109\/ICDE.2010.5447837"}],"container-title":["Communications in Computer and Information Science","Advances in Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-16-8059-5_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,2]],"date-time":"2021-12-02T13:13:52Z","timestamp":1638450832000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-16-8059-5_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9789811680588","9789811680595"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-981-16-8059-5_13","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"1 January 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACeS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Advances in Cyber Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Penang","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Malaysia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 August 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"aces2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.aces.usm.my\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"92","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"36","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"39% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}