US 12,278,824 B2
Detecting malicious behavior from handshake protocols using machine learning
Dainius Ražinskas, Vilnius (LT); and Mantas Briliauskas, Vilnius (LT)
Assigned to UAB 360 IT, Vilnius (LT)
Filed by UAB 360 IT, Vilnius (LT)
Filed on Sep. 14, 2022, as Appl. No. 17/931,931.
Prior Publication US 2024/0089268 A1, Mar. 14, 2024
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1416 (2013.01) [H04L 63/1425 (2013.01)]
18 Claims
 
1. A method for predicting a malicious connection between a client device and a server, the method comprising:
before making a secure connection, obtaining handshake parameters for the client device and the server responsive to the client device initiating a connection with the server, wherein the handshake parameters comprise a first set of handshake parameters transmitted from the client device to the server in a client channel setup message and a second set of parameters transmitted from the server to the client device in a server channel setup message, and wherein the handshake parameters are unencrypted plaintext;
generating a feature set by extracting features from the handshake parameters, wherein extracting comprises evaluating non-numerical data from the first set of handshake parameters and the second set of handshake parameters;
predicting a maliciousness of the connection using a machine learning model, wherein the extracted features are provided as inputs to the machine learning model; and
automatically initiating a corrective action before making the secure connection if the connection is predicted to be malicious.
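
The steps of claim 1, as an added Python example that is not taken from the patent. It assumes TLS as the handshake protocol; the field names, the five features, the logistic weights (placeholders standing in for a trained model) and the 0.5 threshold are all illustrative assumptions, and the sample handshakes are constructed.

```python
import math
from collections import Counter

# Constructed samples (not from the patent): plaintext fields of a TLS
# ClientHello ("client") and ServerHello ("server"), already parsed.
BENIGN = {
    "client": {"version": "TLS1.3", "sni": "www.example.com",
               "ciphers": ["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"],
               "extensions": ["server_name", "alpn", "supported_versions", "key_share"]},
    "server": {"version": "TLS1.3", "cipher": "TLS_AES_128_GCM_SHA256"},
}
SUSPECT = {
    "client": {"version": "TLS1.0", "sni": "x7f3kq9zt2vb8mwp.example",
               "ciphers": ["TLS_RSA_WITH_RC4_128_SHA"], "extensions": []},
    "server": {"version": "TLS1.0", "cipher": "TLS_RSA_WITH_RC4_128_SHA"},
}

VERSION_RANK = {"TLS1.0": 0, "TLS1.1": 1, "TLS1.2": 2, "TLS1.3": 3}
WEAK_TOKENS = ("RC4", "NULL", "EXPORT")  # assumed markers of a weak cipher suite

def label_entropy(hostname):
    """Shannon entropy (bits per character) of the leftmost DNS label."""
    label = hostname.split(".")[0]
    if not label:
        return 0.0
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def extract_features(hs):
    """Evaluate non-numerical fields from both messages into a numeric vector."""
    c, s = hs["client"], hs["server"]
    return [
        float(len(c["ciphers"])),                                    # suites offered
        float(len(c["extensions"])),                                 # extensions offered
        label_entropy(c["sni"]),                                     # SNI randomness
        1.0 if VERSION_RANK[s["version"]] < 2 else 0.0,              # legacy version chosen
        1.0 if any(t in s["cipher"] for t in WEAK_TOKENS) else 0.0,  # weak suite chosen
    ]

# Placeholder weights standing in for a trained model; not learned from data.
BIAS, WEIGHTS = -2.0, [-0.3, -0.4, 0.8, 1.5, 2.0]

def predict(hs):
    """Logistic score in (0, 1); higher means more likely malicious."""
    z = BIAS + sum(w * x for w, x in zip(WEIGHTS, extract_features(hs)))
    return 1.0 / (1.0 + math.exp(-z))

def decide(hs, threshold=0.5):
    """Corrective action chosen before the secure connection is made."""
    return "block" if predict(hs) >= threshold else "allow"
```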