# TLS-Malware-Detection-with-Machine-Learning

**Repository Path**: wu_zhengqi/TLS-Malware-Detection-with-Machine-Learning

## Basic Information

- **Project Name**: TLS-Malware-Detection-with-Machine-Learning
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2020-08-30
- **Last Updated**: 2020-12-19

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# TLS-Malware-Detection-with-Machine-Learning

Repository containing code for cleaning of TLS flows extracted from Cisco Joy telemetry tool. Cleaned TLS flows are extracted and written to .csv file before machine learning classifiers 
are applied. Based on the research of Olivier Roques (https://github.com/ojroques/tls-malware-detection) and Cisco (https://blogs.cisco.com/security/detecting-encrypted-malware-traffic-without-decryption)

### Usage
Cisco joy is utilized to extract network telemetry data from .pcap files. Run cisco joy using the parameters specified below:

```
bin/joy tls=1 bidir=1 dist=1 num_pkts=50 zeros=0 retrans=0 entropy=1 $file | gunzip | ./sleuth --where "tls=*" > filename.json
```

.json files are run through tls_flow_filter.py to produce .csv files

### Websites to obtain .pcaps for training and validation
Link to magestic millions csv file:
https://majestic.com/reports/majestic-million

Link to websites which contain large .pcap files:
https://www.netresec.com/?page=PcapFiles