BSides DC 2016 – Detecting Malicious websites using Machine Learning

We present a set of newly tuned algorithms that can distinguish between malicious and non-malicious websites with a high degree of accuracy using Machine Learning (ML). We use the Bro IDS/IPS tool for extracting the SSL certificates from network traffic and training the ML algorithms.

The extracted SSL attributes are then loaded into multiple ML frameworks, such as Splunk and AWS ML, and we run a series of classification algorithms to identify the attributes that correlate with malicious sites.

Our analysis shows a number of emerging patterns that even allow for the identification of hijacked devices and self-signed certificates. We present the results of our analysis, showing which attributes are the most relevant for detecting malicious SSL certificates, as well as the performance of the ML algorithms.
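As an added illustration of the first stage of the pipeline described above (example code, not the speakers' own), the script below parses a Bro x509.log excerpt and derives per-certificate attributes, including the self-signed flag, that a classifier could then be trained on. The column names follow Bro's x509.log; the log lines themselves are constructed.

```python
import ipaddress
# Constructed Bro x509.log excerpt (a subset of the real x509.log columns).
SAMPLE_X509_LOG = (
    "#fields\tts\tid\tcertificate.subject\tcertificate.issuer\t"
    "certificate.not_valid_before\tcertificate.not_valid_after\t"
    "certificate.key_length\tbasic_constraints.ca\n"
    "1477900000.000000\tF1\tCN=www.example.com,O=Example Inc\t"
    "CN=Example CA,O=Example Inc\t1475280000.000000\t1538352000.000000\t2048\tF\n"
    "1477900001.000000\tF2\tCN=192.0.2.10\tCN=192.0.2.10\t"
    "946684800.000000\t4102444800.000000\t1024\tT\n"
    "1477900002.000000\tF3\tCN=cdn.example.net\tCN=Example CA,O=Example Inc\t"
    "1477872000.000000\t-\t2048\t-\n"
)

def parse_bro_log(text):
    """Yield one dict per record. Bro logs are tab-separated, name their columns
    in a '#fields' header and write '-' for unset values (None here)."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.strip() and not line.startswith("#") and fields:
            yield dict(zip(fields, (None if v == "-" else v for v in line.split("\t"))))

def cn_is_ip(dn):
    """True when the subject CN is a bare IP address rather than a hostname."""
    cn = next((p[3:] for p in (dn or "").split(",") if p.startswith("CN=")), None)
    try:
        return cn is not None and ipaddress.ip_address(cn) is not None
    except ValueError:
        return False

def cert_features(rec):
    """Derive classifier attributes from one x509.log record."""
    nvb, nva = rec["certificate.not_valid_before"], rec["certificate.not_valid_after"]
    key_len = rec["certificate.key_length"]
    return {
        "id": rec["id"],
        # Self-signed: the certificate names itself as its own issuer.
        "self_signed": rec["certificate.subject"] == rec["certificate.issuer"],
        # Validity window in whole days; None if either bound is unset.
        "validity_days": round((float(nva) - float(nvb)) / 86400) if nvb and nva else None,
        "key_length": int(key_len) if key_len else None,
        "is_ca": rec["basic_constraints.ca"] == "T",
        "cn_is_ip": cn_is_ip(rec["certificate.subject"]),
    }

def extract_features(text=SAMPLE_X509_LOG):
    """Feature rows for every certificate in a Bro x509.log, ready for a classifier."""
    return [cert_features(r) for r in parse_bro_log(text)]
```

The second record shows the kind of certificate the talk singles out: self-signed, a bare IP in the CN, a 1024-bit key and a hundred-year validity window.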

Ajit Thyagarajan (CTO at Atomic Mole)
Ajit Thyagarajan is an innovative and passionate technologist who explores challenging technology opportunities. He is currently CTO at Atomic Mole, a cybersecurity company developing a simple and effective security solution for the Enterprise.

Until recently, he held multiple Director positions at Fidelis Cybersecurity. His area of research is new techniques for the detection of malware using network tools. Prior to Fidelis, he was heavily involved with Internet protocols and building fast routers.

Ajit also mentors several cybersecurity start-ups as part of Mach37, a Virginia-based cybersecurity incubator.

Andrew Beard (Lead Software Architect at Atomic Mole)
Andrew Beard is the Lead Software Architect at Atomic Mole. His background is in software development, threat research, and abuse of enterprise-grade security products in his home network.