frenky-strasak / My_bachelor_thesis

My bachelor thesis is about detecting malware by machine learning.

one question about the MCFP dataset #4

Closed coderdr31 closed 5 years ago

coderdr31 commented 5 years ago

I finished reading your thesis; it is very good. I am very thankful for your public code, thank you very much! But I have some questions about the MCFP dataset to trouble you with: on the website 'https://mcfp.felk.cvut.cz/publicDatasets/', there are 370 CTU-Malware-Capture-Botnet, but the thesis mentions '59 malware datasets from the Stratosphere Malware Capture Facility Project'. Which 59 CTU-Malware-Capture-Botnets did you use? Or did you download all of the 370 CTU-Malware-Capture-Botnet datasets and ...? lily

frenky-strasak commented 5 years ago

Hi lily, Thanks. From this dataset I chose only captures having HTTPS traffic and also without Mitm proxy interception, because if the Mitm proxy is used during capturing the traffic there is no original certificate.

An example of HTTPS traffic with Mitm proxy is: https://mcfp.felk.cvut.cz/publicDatasets/CTU-Malware-Capture-Botnet-287-1/

How to recognize HTTPS with Mitm proxy capture?

  1. It is written in README.md. There should be something like: "Proxy Usage: This capture did use an intermediate proxy."
  2. A more important pattern is that the certificate.issuer in bro/x509.log is not the original one. There is "O=mitmproxy,CN=mitmproxy".

There are plenty of new captures, so check them and use them. Good luck! Frenky
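The second check described in the reply above can be automated over a capture's `bro/x509.log`. The following is an added example, not part of the original reply or the thesis code; the function names and the sample log rows are constructed for illustration, and it assumes the standard tab-separated Bro log layout with a `#fields` header.

```python
import sys

# Issuer components quoted in the reply above; matched in any order.
MITM_MARKERS = ("O=mitmproxy", "CN=mitmproxy")


def read_bro_log(lines):
    """Yield one dict per record of a Bro TSV log, keyed by its '#fields' header."""
    fields = None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def issuer_summary(lines):
    """Return (certificates seen, certificates issued by mitmproxy)."""
    total = mitm = 0
    for rec in read_bro_log(lines):
        issuer = rec.get("certificate.issuer", "-")
        if issuer == "-":  # Bro's marker for an unset field
            continue
        total += 1
        if all(marker in issuer for marker in MITM_MARKERS):
            mitm += 1
    return total, mitm


def capture_is_intercepted(lines):
    """True if any certificate in the log carries the mitmproxy issuer."""
    return issuer_summary(lines)[1] > 0


# Constructed sample log (not taken from any real capture).
SAMPLE_X509 = "\n".join([
    "#separator \\x09",
    "#path\tx509",
    "#fields\tts\tid\tcertificate.version\tcertificate.serial\tcertificate.subject\tcertificate.issuer",
    "#types\ttime\tstring\tcount\tstring\tstring\tstring",
    "1500000000.000000\tFaaaa1\t3\t0A\tCN=example.org\tO=mitmproxy,CN=mitmproxy",
    "1500000001.000000\tFbbbb2\t3\t0B\tCN=example.net\tCN=Example CA,O=Example Org,C=US",
    "#close\t2017-07-14-00-00-00",
])

if __name__ == "__main__":
    # Usage: python check_mitm.py path/to/bro/x509.log (no argument: use the sample)
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_X509.splitlines()
    total, mitm = issuer_summary(src)
    print(f"{mitm} of {total} certificates issued by mitmproxy")
```

A capture where this reports any mitmproxy-issued certificate is one the reply says to exclude, because the original server certificates are not present in it.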

coderdr31 commented 5 years ago

Oh, your reply is so detailed, I understand. Thank you very much! You are such a warmhearted person!

Have a nice day! lily

asif48 commented 5 years ago

Hi lily...have you generated the results of the project successfully?

(I have not been able to find your email address...)

coderdr31 commented 5 years ago

> Hi lily...have you generated the results of the project successfully?
>
> (I have not been able to find your email address...)

I executed part of the programs, but I think that you can generate the results. What problem have you encountered?

asif48 commented 5 years ago

I was going through the similar project at https://github.com/Abonnen/Malicious_TLS_Detection but have not been able to produce the result...(see my questions in the issue tab)...

I want to work on this project, so I was asking that...The project has print commands without parentheses; currently I am resolving this...

Can you send me an email at amiable.asif48@gmail.com in case I need help, or can you help me in resolving those problems at the link provided?

coderdr31 commented 5 years ago

> I was going through the similar project at https://github.com/Abonnen/Malicious_TLS_Detection but have not been able to produce the result...(see my questions in the issue tab)...
>
> I want to work on this project, so I was asking that...The project has print commands without parentheses; currently I am resolving this...
>
> Can you send me an email at amiable.asif48@gmail.com in case I need help, or can you help me in resolving those problems at the link provided?

I send you an email