CRNI Apr 16, 2019

Decrypting SSL/TLS traffic for hidden threats detection

arXiv:1904.08383v1, 32 citations
Originality: Synthesis-oriented
AI Analysis

This work addresses security challenges for network administrators and organizations by providing a tool to detect malicious activity in encrypted traffic, though it appears incremental as it builds on existing decryption methods.

The paper tackles the problem of detecting hidden threats in encrypted SSL/TLS traffic by developing an automated approach for intercepting and decrypting such traffic, enabling near real-time data decryption for network monitoring.

The paper presents an analysis of the main mechanisms of decryption of SSL/TLS traffic. Methods and technologies for detecting malicious activity in encrypted traffic that are used by leading companies are also considered. Also, an approach for intercepting and decrypting traffic transmitted over SSL/TLS is developed, tested and proposed. The developed approach has been automated and can be used for remote listening of the network, which will allow transmitted data to be decrypted in a mode close to real time.
