What is a Web Certificate?
[Chart residue: "Phishing TLS Increment"; "Malware Abuse of TLS" with legend entries "Malware free" and "encrypted"]
We want to identify malicious certificates in real time!
Can we detect a “bad” certificate on the fly?
[Diagram: Certificate + URL → Malware Cert Hunter → Safe site / Malicious site]
Hunting Malicious TLS Certificates with Deep Neural Networks
Cert-Hunter Data
Data Collected:
• 1,000,000 legitimate-use certificates
• 5,000 phishing-use certificates
• 3,000 malware-use certificates
90%+ of TLS attacks use non-validated certificates
55% of legitimate businesses use non-validated TLS certificates, but 100% of them use real information
90% of malicious certificates contain common names like:
• Example.com
• Localhost
• Domain.com
• localdomain
TLS Certificate Examples
Legitimate Certificates from Alexa Top Million
CN = *.stackexchange.com, O = Stack Exchange, Inc., L = New York, S = NY, C = US
Feature engineering
We created 40 features divided into 4 categories:
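As an added example (not code from the talk or from Cert-Hunter), the following Python parses a one-line subject DN such as the Stack Exchange example above and derives a handful of hand-made features of the kind the slides describe: placeholder common names such as example.com or localhost, wildcards, and whether the O/L/S/C fields carry any information. The feature names and the subset chosen are assumptions; the deck does not list its 40 features.

```python
import re

# Placeholder common names the talk reports in ~90% of malicious certificates.
PLACEHOLDER_CNS = {"example.com", "localhost", "domain.com", "localdomain"}

# Emission order for feature_vector(). Assumption: an illustrative subset, not the talk's 40.
FEATURE_NAMES = ["cn_is_placeholder", "cn_is_wildcard", "cn_has_dot",
                 "has_org", "has_locality", "has_country", "field_count"]

def parse_dn(dn: str) -> dict:
    """Parse a one-line DN such as
    'CN = *.stackexchange.com, O = Stack Exchange, Inc., L = New York, S = NY, C = US'.
    Commas inside values ('Stack Exchange, Inc.') are not escaped in this print
    form, so a chunk with no 'key =' prefix is glued back onto the previous value."""
    fields, last_key = {}, None
    for chunk in dn.split(","):
        chunk = chunk.strip()
        m = re.match(r"^([A-Za-z][A-Za-z0-9.]*)\s*=\s*(.*)$", chunk)
        if m:
            last_key = m.group(1).upper()
            fields[last_key] = m.group(2).strip()
        elif chunk and last_key is not None:
            fields[last_key] += ", " + chunk
    return fields

def extract_features(subject: dict) -> dict:
    """Hand-made features of the kind the network's 'Extracted Features' input
    receives: placeholder CN, wildcard, and whether O/L/S/C carry any information."""
    cn = subject.get("CN", "").strip().lower()
    bare = cn[2:] if cn.startswith("*.") else cn
    return {
        "cn_is_placeholder": bare in PLACEHOLDER_CNS,
        "cn_is_wildcard": cn.startswith("*."),
        "cn_has_dot": "." in bare,  # 'localhost' and 'localdomain' have none
        "has_org": bool(subject.get("O")),
        "has_locality": bool(subject.get("L") or subject.get("S") or subject.get("ST")),
        "has_country": bool(subject.get("C")),
        "field_count": len(subject),
    }

def feature_vector(dn: str) -> list:
    feats = extract_features(parse_dn(dn))
    return [float(feats[name]) for name in FEATURE_NAMES]

if __name__ == "__main__":
    # Constructed inputs: the slide's Stack Exchange subject and a bare placeholder subject.
    for dn in ("CN = *.stackexchange.com, O = Stack Exchange, Inc., L = New York, S = NY, C = US",
               "CN = localhost"):
        print(dn, "->", dict(zip(FEATURE_NAMES, feature_vector(dn))))
```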
Short term context only: "The dog is…"
What comes next? • Excited • Hungry • Green • Affordable • …
Most probable: Hungry

RNN
Long term context: "When it sees its owner"; short term context: "the dog is…"
What comes next? • Excited • Hungry • Green • Affordable • …
Most probable: Hungry

LSTM
Long term context: "When it sees its owner"; short term context: "the dog is…"
What comes next? • Excited • Hungry • Green • Affordable • …
Most probable: Excited
Deep Learning Architecture
[Diagram] Inputs: Subject Principal, Issuer Principal, Extracted Features.
Subject Principal → Embedding; Issuer Principal → Embedding; the two embeddings are concatenated with the Extracted Features, then Dense/ReLU → Dropout → Dense/Logit → score.
Training process
[Training curves (two plots), lr=0.005]
Malicious Cert Classification Results (Phishing)
Malicious Cert Classification Results (Malware)
Takeaways
• It is possible to differentiate malicious certificates from legitimate ones due to how attackers create their certificates.
luis.camacho@cyxtera.com
https://www.linkedin.com/in/luisdcamachog/
https://github.com/LuisDavidCamacho