Detecting Cyber Malicious Activity Via Analyzing SSL Certificates

  • Huda Dhanhani

Student thesis: Master's Thesis


Encryption is a cryptographic technique and an essential element for protecting user's data and privacy. This technique has been deployed in many legitimate applications that deal with users' sensitive data exchanged over different platforms. To achieve the latter, SSL certificate is used to create a trust level by establishing secure connection between the client and server. It helps users to feel confident in making transactions or exchanging data over the internet. Although SSL certificate is used for benign and legitimate applications, cybercriminals are taking advantages of its secure features while performing their cyber-criminal activities against victims. Cyber-criminal activities involve any action or attempt to exploit the technology assets (hardware or software) of an organization or individual. It can take the form of a targeted or massive (random) attacks. Targeted attacks usually performed on organization or government level to acquire critical and sensitive data, while massive attacks would include any targets of internet users to obtain data for financial or abuse purposes. Since SSL encryption introduces an obstacle for security researchers and analysts to spot malicious activities in the network, there is a need to conduct researches in this field to identify ways that would help detecting such activities. This thesis presents a study of the SSL/TLS protocols and X.509 SSL certificate with other related works in the field of detecting malicious activities in encrypted channels. Later, an overview of proposed method to detect cyber malicious activities via studying SSL certificate's metadata is explained. The method relies on studying domains' certificate metadata without the need for decryption. Future work will include applying machine learning algorithms and different checks on network data flows to enhance the detection mechanism and reduce false positive/ false negative rates.
Date of AwardDec 2019
Original languageAmerican English


  • MITM
  • APT
  • CA
  • APK
  • X.509

Cite this