{"id":"https://openalex.org/W4402957849","doi":"https://doi.org/10.1145/3678890.3678921","title":"Extending C2 Traffic Detection Methodologies: From TLS 1.2 to TLS 1.3-enabled Malware","display_name":"Extending C2 Traffic Detection Methodologies: From TLS 1.2 to TLS 1.3-enabled Malware","publication_year":2024,"publication_date":"2024-09-29","ids":{"openalex":"https://openalex.org/W4402957849","doi":"https://doi.org/10.1145/3678890.3678921"},"language":"en","primary_location":{"id":"doi:10.1145/3678890.3678921","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678921","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3678890.3678921","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5041341066","display_name":"Diogo Barradas","orcid":"https://orcid.org/0000-0003-0338-2692"},"institutions":[{"id":"https://openalex.org/I151746483","display_name":"University of Waterloo","ror":"https://ror.org/01aff2v68","country_code":"CA","type":"education","lineage":["https://openalex.org/I151746483"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Diogo Barradas","raw_affiliation_strings":["University of Waterloo, Canada"],"raw_orcid":"https://orcid.org/0000-0003-0338-2692","affiliations":[{"raw_affiliation_string":"University of Waterloo, Canada","institution_ids":["https://openalex.org/I151746483"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103247809","display_name":"Carlos Novo","orcid":"https://orcid.org/0009-0003-0094-5565"},"institutions":[{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]},{"id":"https://openalex.org/I4210166615","display_name":"INESC TEC","ror":"https://ror.org/05fa8ka61","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I4210125590","https://openalex.org/I4210166615"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Carlos Novo","raw_affiliation_strings":["INESC TEC, HASLab &amp; DCC FCUP, Portugal"],"raw_orcid":"https://orcid.org/0009-0003-0094-5565","affiliations":[{"raw_affiliation_string":"INESC TEC, HASLab &amp; DCC FCUP, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I4210166615"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033372576","display_name":"Bernardo Portela","orcid":"https://orcid.org/0000-0002-7203-2621"},"institutions":[{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]},{"id":"https://openalex.org/I4210166615","display_name":"INESC TEC","ror":"https://ror.org/05fa8ka61","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I4210125590","https://openalex.org/I4210166615"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Bernardo Portela","raw_affiliation_strings":["INESC TEC, HASLab &amp; DCC FCUP, Portugal"],"raw_orcid":"https://orcid.org/0000-0002-7203-2621","affiliations":[{"raw_affiliation_string":"INESC TEC, HASLab &amp; DCC FCUP, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I4210166615"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107629141","display_name":"Sofia Romeiro","orcid":null},"institutions":[{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]},{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Sofia Romeiro","raw_affiliation_strings":["INESC-ID / IST, Universidade de Lisboa, Portugal"],"raw_orcid":"https://orcid.org/0000-0002-5251-0577","affiliations":[{"raw_affiliation_string":"INESC-ID / IST, Universidade de Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5075037126","display_name":"Nuno Santos","orcid":"https://orcid.org/0000-0001-9938-0653"},"institutions":[{"id":"https://openalex.org/I121345201","display_name":"Instituto de Engenharia de Sistemas e Computadores Investiga\u00e7\u00e3o e Desenvolvimento","ror":"https://ror.org/04mqy3p58","country_code":"PT","type":"nonprofit","lineage":["https://openalex.org/I121345201","https://openalex.org/I4210125590"]},{"id":"https://openalex.org/I141596103","display_name":"University of Lisbon","ror":"https://ror.org/01c27hj86","country_code":"PT","type":"education","lineage":["https://openalex.org/I141596103"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Nuno Santos","raw_affiliation_strings":["INESC-ID / IST, Universidade de Lisboa, Portugal"],"raw_orcid":"https://orcid.org/0000-0001-9938-0653","affiliations":[{"raw_affiliation_string":"INESC-ID / IST, Universidade de Lisboa, Portugal","institution_ids":["https://openalex.org/I121345201","https://openalex.org/I141596103"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5041341066"],"corresponding_institution_ids":["https://openalex.org/I151746483"],"apc_list":null,"apc_paid":null,"fwci":4.0268,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.94460592,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"181","last_page":"196"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.859815239906311},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7450068593025208},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5300697088241577},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4062621593475342},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.33410128951072693}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.859815239906311},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7450068593025208},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5300697088241577},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4062621593475342},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.33410128951072693}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3678890.3678921","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678921","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3678890.3678921","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678921","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W1536589781","https://openalex.org/W1698314624","https://openalex.org/W2058143565","https://openalex.org/W2156204309","https://openalex.org/W2537766808","https://openalex.org/W2566050683","https://openalex.org/W2605422749","https://openalex.org/W2731865152","https://openalex.org/W2743556905","https://openalex.org/W2911964244","https://openalex.org/W2915352631","https://openalex.org/W2919493784","https://openalex.org/W2939971268","https://openalex.org/W2962993683","https://openalex.org/W2963065250","https://openalex.org/W3044183949","https://openalex.org/W3105087971","https://openalex.org/W3181596493","https://openalex.org/W4200449780","https://openalex.org/W4206646568","https://openalex.org/W4211242407","https://openalex.org/W4224315052","https://openalex.org/W4237357939","https://openalex.org/W4283068901","https://openalex.org/W4285071005","https://openalex.org/W4306406211","https://openalex.org/W4306406279","https://openalex.org/W4385695482","https://openalex.org/W4402957849"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W4284893819","https://openalex.org/W2249809453"],"abstract_inverted_index":{"As":[0],"the":[1,54,61,77],"Internet":[2],"evolves":[3],"from":[4],"TLS":[5,8,44,56,73,96,104,117,127],"1.2":[6,74,97,118],"to":[7,31,80,89,103,115,124],"1.3,":[9],"it":[10,113],"offers":[11],"enhanced":[12],"security":[13],"against":[14],"network":[15],"eavesdropping":[16],"for":[17,48,63,72,95,121],"online":[18],"communications.":[19],"However,":[20],"this":[21,86],"advancement":[22],"also":[23],"enables":[24],"malicious":[25,83],"command":[26],"and":[27,37,52],"control":[28],"(C2)":[29],"traffic":[30,66,123],"more":[32],"effectively":[33],"evade":[34],"malware":[35],"detectors":[36],"intrusion":[38],"detection":[39,119],"systems.":[40],"Among":[41],"other":[42],"capabilities,":[43],"1.3":[45,105,128],"introduces":[46],"encryption":[47],"most":[49],"handshake":[50],"messages":[51],"conceals":[53],"actual":[55],"record":[57],"content":[58],"type,":[59],"complicating":[60],"task":[62],"state-of-the-art":[64],"C2":[65,84,93,122],"classifiers":[67,94],"that":[68],"were":[69],"initially":[70],"developed":[71],"traffic.":[75],"Given":[76],"pressing":[78],"need":[79],"accurately":[81],"detect":[82],"communications,":[85],"paper":[87],"examines":[88],"what":[90],"extent":[91],"existing":[92],"are":[98],"less":[99],"effective":[100],"when":[101],"applied":[102],"traffic,":[106],"posing":[107],"a":[108],"central":[109],"research":[110],"question:":[111],"is":[112],"possible":[114],"adapt":[116],"methodologies":[120],"work":[125],"with":[126],"flows?":[129]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":1}],"updated_date":"2026-04-25T08:17:42.794288","created_date":"2025-10-10T00:00:00"}