Detecting Malicious Websites Using Machine Learning, presented at BSidesDC 2016

by Ajit Thyagarajan

Summary: We present a set of newly tuned algorithms that distinguish between malicious and non-malicious websites with a high degree of accuracy using Machine Learning (ML). We use the Bro IDS/IPS tool to extract SSL certificates from network traffic and to train the ML algorithms.
The extracted SSL attributes are then loaded into multiple ML frameworks, such as Splunk and AWS ML, and we run a series of classification algorithms to identify those attributes that correlate with malicious sites.
Our analysis shows a number of emerging patterns that even allow for identification of hijacked devices and self-signed certificates. We present the results of our analysis, which show which attributes are the most relevant for detecting malicious SSL certificates, as well as the performance of the ML algorithms.
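The abstract names the pipeline (Bro extracts certificate attributes, an ML framework classifies them and reports which attributes matter) but shows none of it. The following is an added example written for this page, not the speaker's code and not the Splunk or AWS ML workflow used in the talk: it parses records in the tab-separated format of Bro's x509.log, turns certificate fields into boolean attributes, and uses a from-scratch Bernoulli naive Bayes classifier so that it runs offline with no dependencies. The log excerpt, the benign/malicious labels, the held-out certificates and the two thresholds (90-day validity, 2048-bit key) are constructed for illustration; the column names are a subset of Bro's real x509.log fields.

```python
"""Parse Bro x509.log records into certificate features, rank the features by how
strongly they separate malicious from benign certificates, and classify new ones.
Added example, not the speaker's code: log excerpt, labels and thresholds are constructed."""
import math

# Bro's #fields header, restricted to a subset of the real x509.log columns.
FIELDS = ("#fields\tts\tid\tcertificate.subject\tcertificate.issuer\tcertificate.not_valid_before"
          "\tcertificate.not_valid_after\tcertificate.sig_alg\tcertificate.key_length\tsan.dns")
# Constructed training records; "-" and "(empty)" are Bro's unset / empty-set markers.
TRAIN_LOG = "\n".join([
    "#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)", "#unset_field\t-", "#path\tx509", FIELDS,
    "1475000000.000000\tF1\tCN=www.example.com,O=Example Inc\tCN=Example CA,O=Example Trust"
    "\t1470000000.000000\t1533000000.000000\tsha256WithRSAEncryption\t2048\twww.example.com,example.com",
    "1475000010.000000\tF2\tCN=mail.example.org,O=Example Org\tCN=Example CA,O=Example Trust"
    "\t1460000000.000000\t1491536000.000000\tsha256WithRSAEncryption\t2048\tmail.example.org",
    "1475000020.000000\tF3\tCN=localhost\tCN=localhost"
    "\t1474900000.000000\t1475764000.000000\tsha1WithRSAEncryption\t1024\t-",
    "1475000030.000000\tF4\tCN=203.0.113.7\tCN=203.0.113.7"
    "\t1474000000.000000\t1505536000.000000\tsha256WithRSAEncryption\t1024\t-",
    "1475000040.000000\tF5\tCN=update-service.example.net\tCN=Cheap CA"
    "\t1474500000.000000\t1475364000.000000\tsha1WithRSAEncryption\t2048\t(empty)",
])
LABELS = {"F1": "benign", "F2": "benign", "F3": "malicious", "F4": "malicious", "F5": "malicious"}
# Two constructed certificates that are not in the training set.
HELDOUT_LOG = "\n".join([FIELDS,
    "1475100000.000000\tH1\tCN=svc.internal\tCN=svc.internal"
    "\t1475000000.000000\t1506536000.000000\tsha256WithRSAEncryption\t2048\t-",
    "1475100010.000000\tH2\tCN=shop.example.com,O=Example Shop\tCN=Example CA,O=Example Trust"
    "\t1475000000.000000\t1509300800.000000\tsha256WithRSAEncryption\t2048\tshop.example.com",
])
SHORT_VALIDITY_DAYS = 90   # assumed threshold, not taken from the talk
MIN_KEY_BITS = 2048        # assumed threshold, not taken from the talk

def parse_x509_log(text):
    """One dict per record, with column names taken from the #fields header."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):          # skip the other metadata lines
            records.append(dict(zip(fields, line.split("\t"))))
    return records

def extract_features(rec):
    """Boolean certificate attributes of the kind the abstract feeds to the ML step."""
    subject, issuer = rec["certificate.subject"], rec["certificate.issuer"]
    validity_days = (float(rec["certificate.not_valid_after"])
                     - float(rec["certificate.not_valid_before"])) / 86400
    key_len = rec["certificate.key_length"]
    return {
        "self_signed": subject == issuer,
        "short_validity": validity_days <= SHORT_VALIDITY_DAYS,
        "weak_key": key_len != "-" and int(key_len) < MIN_KEY_BITS,
        "sha1_sig": "sha1" in rec["certificate.sig_alg"].lower(),
        "no_san": rec["san.dns"] in ("-", "(empty)"),
        "no_org": "O=" not in subject,
    }

class BernoulliNB:
    """Naive Bayes over boolean features with add-one smoothing (offline stand-in for Splunk / AWS ML)."""

    def fit(self, rows):
        self.prior, self.cond = {}, {}
        for label in {lab for _, lab in rows}:
            subset = [f for f, lab in rows if lab == label]
            self.prior[label] = len(subset) / len(rows)
            self.cond[label] = {n: (sum(f[n] for f in subset) + 1) / (len(subset) + 2) for n in subset[0]}
        return self

    def log_posteriors(self, feats):
        out = {}
        for label, prior in self.prior.items():
            lp = math.log(prior)
            for name, present in feats.items():
                p = self.cond[label][name]
                lp += math.log(p if present else 1 - p)
            out[label] = lp
        return out

    def predict(self, feats):
        post = self.log_posteriors(feats)
        return max(post, key=post.get)

    def feature_relevance(self, pos="malicious", neg="benign"):
        """Attributes ranked by log(P(present|malicious) / P(present|benign)),
        the 'which attributes matter most' view the abstract reports."""
        return sorted(((n, math.log(self.cond[pos][n] / self.cond[neg][n])) for n in self.cond[pos]),
                      key=lambda kv: -kv[1])

def train_from_log(text=TRAIN_LOG, labels=LABELS):
    rows = [(extract_features(r), labels[r["id"]]) for r in parse_x509_log(text)]
    return BernoulliNB().fit(rows)

def classify_log(model, text=HELDOUT_LOG):
    """Map each record id in a log to the predicted label."""
    return {r["id"]: model.predict(extract_features(r)) for r in parse_x509_log(text)}

if __name__ == "__main__":
    model = train_from_log()
    print(model.feature_relevance(), classify_log(model))
```

On the constructed data the ranking puts the missing-SAN and missing-organisation attributes at the top, and the self-signed held-out certificate with no SAN is classified malicious while the CA-issued one is classified benign. With five records this only shows the mechanism: the smoothed probabilities, the rank order and the thresholds would all have to be learned from a large labelled corpus before any of the numbers meant anything about real traffic.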