Blake Anderson

Software Engineer

Advanced Security Research Group

Blake is a software engineer in Cisco’s Advanced Security Research Group where he uses machine learning to analyze network data.

He received his PhD from the University of New Mexico. In his dissertation, he developed novel machine learning techniques and applied these techniques to classify, cluster, and find phylogenetic relationships on malware data. He has numerous peer-reviewed publications and several patents.

His current interests include finding ways to intelligently leverage machine learning solutions in real-world security deployments.

Articles

April 29, 2019

SECURITY

TLS Fingerprinting in the Real World

To protect your data, you must understand the traffic on your network. This task has become even more challenging with widespread use of the Transport Layer Security (TLS) protocol, which inhibits traditional network security monitoring techniques. The good news is that TLS fingerprinting can help…

June 23, 2017

SECURITY

Detecting Encrypted Malware Traffic (Without Decryption)

Introduction Over the past 2 years, we have been systematically collecting and analyzing malware-generated packet captures. During this time, we have observed a steady increase in the percentage of malware samples using TLS-based encryption to evade detection. In August 2015, 2.21% of the malware sa…

January 25, 2016

SECURITY

Hiding in Plain Sight: Malware’s Use of TLS and Encryption

Introduction TLS (Transport Layer Security) is a cryptographic protocol that provides privacy for applications. TLS is usually implemented on top of common protocols such as HTTP for web browsing or SMTP for email. HTTPS is the usage of TLS over HTTP, which is the most popular way of securing commun…