{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T06:03:14Z","timestamp":1766210594035,"version":"3.48.0"},"reference-count":31,"publisher":"Information Processing Society of Japan","issue":"0","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Journal of Information Processing"],"published-print":{"date-parts":[[2025]]},"DOI":"10.2197\/ipsjjip.33.1119","type":"journal-article","created":{"date-parts":[[2025,12,14]],"date-time":"2025-12-14T22:09:21Z","timestamp":1765750161000},"page":"1119-1127","source":"Crossref","is-referenced-by-count":0,"title":["An Analysis of TLS Parameter Variation in Malware C2 Communication"],"prefix":"10.2197","volume":"33","author":[{"given":"Atsushi","family":"Kanda","sequence":"first","affiliation":[{"name":"NTT DOCOMO BUSINESS, Inc."},{"name":"Institute of Information Security"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Masaki","family":"Hashimoto","sequence":"additional","affiliation":[{"name":"Kagawa University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Takao","family":"Okubo","sequence":"additional","affiliation":[{"name":"Institute of Information Security"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1012","reference":[{"key":"1","unstructured":"[1] ThreatLabz: ThreatLabz 2024 Encrypted Attacks Report, Technical Report, Zscaler, Inc. (2024)."},{"key":"2","unstructured":"[2] Althouse, J., Atkinson, J. and Atkins, J.: JA3 - A method for profiling SSL\/TLS Clients, Salesforce, Inc. (online), available from &lt;https:\/\/github.com\/salesforce\/ja3&gt; (accessed 2025-03-04)."},{"key":"3","unstructured":"[3] Althouse, J.: JA4+ network fingerprinting, FoxIO (online), available from &lt;https:\/\/github.com\/FoxIO-LLC\/ja4&gt; (accessed 2025-03-04)."},{"key":"4","unstructured":"[4] Wireshark Foundation: Wireshark, available from &lt;https:\/\/www.wireshark.org\/&gt; (accessed 2025-03-04)."},{"key":"5","unstructured":"[5] Security Intelligence Response Team: Bots Tampering With TLS to Avoid Detection, Akamai Technologies (online), available from &lt;https:\/\/www.akamai.com\/blog\/security\/bots-tampering-with-tls-to-avoid-detection&gt; (accessed 2025-03-04)."},{"key":"6","unstructured":"[6] Moore, R.: TLS Prober, available from &lt;https:\/\/github.com\/WestpointLtd\/tls_prober&gt; (accessed 2025-03-04)."},{"key":"7","unstructured":"[7] Althouse, J., Smart, A., Nunnally, R.J. and Brady, M.: JARM, Salesforce, Inc. (online), available from &lt;https:\/\/github.com\/salesforce\/jarm&gt; (accessed 2025-03-04)."},{"key":"8","unstructured":"[8] Qualys SSL Labs: HTTP Client Fingerprinting Using SSL Handshake Analysis, available from &lt;https:\/\/www.ssllabs.com\/projects\/client-fingerprinting\/&gt; (accessed 2025-03-04)."},{"key":"9","unstructured":"[9] Marek: SSL fingerprinting for p0f, available from &lt;https:\/\/idea.popcount.org\/2012-06-17-ssl-fingerprinting-for-p0f\/&gt; (accessed 2025-03-04)."},{"key":"10","unstructured":"[10] Brotherston, L.: TLS fingerprinting, available from &lt;https:\/\/github.com\/LeeBrotherston\/tls-fingerprinting&gt; (accessed 2025-03-04)."},{"key":"11","unstructured":"[11] SSLBL: JA3 Fingerprints, available from &lt;https:\/\/sslbl.abuse.ch\/ja3-fingerprints\/&gt; (accessed 2025-03-04)."},{"key":"12","doi-asserted-by":"crossref","unstructured":"[12] Frolov, S. and Wustrow, E.: The use of TLS in Censorship Circumvention, <i>NDSS<\/i> (2019).","DOI":"10.14722\/ndss.2019.23511"},{"key":"13","unstructured":"[13] Anderson, B.: The Generation and Use of TLS Fingerprints, <i>FloCon<\/i> (2019)."},{"key":"14","unstructured":"[14] Cisco: Joy, available from &lt;https:\/\/github.com\/cisco\/joy&gt; (accessed 2025-03-04)."},{"key":"15","doi-asserted-by":"crossref","unstructured":"[15] Benjamin, D.: Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility, RFC 8701 (2020).","DOI":"10.17487\/RFC8701"},{"key":"16","unstructured":"[16] McGrew, D.: Bayes at 10+ Gbps: Identifying Malicious and Vulnerable Processes from Passive Traffic Fingerprinting, <i>FloCon<\/i> (2020)."},{"key":"17","unstructured":"[17] Cisco: Mercury, available from &lt;https:\/\/github.com\/cisco\/mercury&gt; (accessed 2025-03-04)."},{"key":"18","unstructured":"[18] Anderson, B. and McGrew, D.: Accurate TLS Fingerprinting using Destination Context and Knowledge Bases (2020)."},{"key":"19","doi-asserted-by":"crossref","unstructured":"[19] Anderson, B., Paul, S. and McGrew, D.: Deciphering malware&apos;s use of TLS (without decryption), <i>Journal of Computer Virology and Hacking Techniques<\/i>, Vol.14, pp.195-211 (2018).","DOI":"10.1007\/s11416-017-0306-6"},{"key":"20","doi-asserted-by":"crossref","unstructured":"[20] Barradas, D., Novo, C., Portela, B., Romeiro, S. and Santos, N.: Extending C2 Traffic Detection Methodologies: From TLS 1.2 to TLS 1.3-enabled Malware, <i>Proc. 27th International Symposium on Research in Attacks, Intrusions and Defenses<\/i>, <i>RAID &apos;24<\/i>, pp.181-196, Association for Computing Machinery (2024).","DOI":"10.1145\/3678890.3678921"},{"key":"21","unstructured":"[21] Duncan, B.: Malware Traffic Analysis, available from &lt;https:\/\/www.malware-traffic-analysis.net\/&gt; (accessed 2025-03-04)."},{"key":"22","doi-asserted-by":"crossref","unstructured":"[22] Moussaileb, R., Cuppens, N., Lanet, J.-L. and Le Bouder, H.: Ransomware network traffic analysis for pre-encryption alert, <i>Foundations and Practice of Security: 12th International Symposium, FPS 2019, Toulouse, France, November 5-7, 2019, Revised Selected Papers 12<\/i>, pp.20-38, Springer (2020).","DOI":"10.1007\/978-3-030-45371-8_2"},{"key":"23","doi-asserted-by":"crossref","unstructured":"[23] Almousa, M., Osawere, J. and Anwar, M.: Identification of ransomware families by analyzing network traffic using machine learning techniques, <i>2021 3rd International Conference on Transdisciplinary AI<\/i> (<i>TransAI<\/i>), pp.19-24, IEEE (2021).","DOI":"10.1109\/TransAI51903.2021.00012"},{"key":"24","doi-asserted-by":"crossref","unstructured":"[24] Guo, J., Sang, Y., Chang, P., Xu, X. and Zhang, Y.: MGEL: A robust malware encrypted traffic detection method based on ensemble learning with multi-grained features, <i>International Conference on Computational Science<\/i>, pp.195-208, Springer (2021).","DOI":"10.1007\/978-3-030-77964-1_16"},{"key":"25","unstructured":"[25] Cisco Systems, Inc.: Cisco 2018 Annual Cybersecurity Report, Technical Report (2018)."},{"key":"26","doi-asserted-by":"crossref","unstructured":"[26] Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3, RFC 8446 (2018).","DOI":"10.17487\/RFC8446"},{"key":"27","unstructured":"[27] Qualys SSL Labs: SSL Pulse, available from &lt;https:\/\/www.ssllabs.com\/ssl-pulse\/&gt; (accessed 2025-03-04)."},{"key":"28","unstructured":"[28] Benjamin, D. and Adrian, D.: Feature: TLS ClientHello extension permutation, available from &lt;https:\/\/chromestatus.com\/feature\/5124606246518784&gt; (accessed 2025-03-04)."},{"key":"29","unstructured":"[29] Schwarz, L. and Jackson, D.: Add Option for Randomizing TLS Client Hello Extension Order, available from &lt;https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1789436&gt; (accessed 2025-03-04)."},{"key":"30","doi-asserted-by":"crossref","unstructured":"[30] Cui, S., Han, X., Dong, C., Li, Y., Liu, S., Lu, Z. and Liu, Y.: MVDet: Encrypted malware traffic detection via multi-view analysis, <i>Journal of Computer Security<\/i>, Vol.32, No.6, pp.533-555 (2024).","DOI":"10.3233\/JCS-230024"},{"key":"31","doi-asserted-by":"crossref","unstructured":"[31] Jung, I.-S., Song, Y.-R., Jilcha, L.A., Kim, D.-H., Im, S.-Y., Shim, S.-W., Kim, Y.-H. and Kwak, J.: Enhanced Encrypted Traffic Analysis Leveraging Graph Neural Networks and Optimized Feature Dimensionality Reduction, <i>Symmetry<\/i>, Vol.16, p.733 (2024).","DOI":"10.3390\/sym16060733"}],"container-title":["Journal of Information Processing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/ipsjjip\/33\/0\/33_1119\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T03:53:27Z","timestamp":1766202807000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/ipsjjip\/33\/0\/33_1119\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":31,"journal-issue":{"issue":"0","published-print":{"date-parts":[[2025]]}},"URL":"https:\/\/doi.org\/10.2197\/ipsjjip.33.1119","relation":{},"ISSN":["1882-6652"],"issn-type":[{"type":"electronic","value":"1882-6652"}],"subject":[],"published":{"date-parts":[[2025]]}}}