Software security developers (e.g., anti-malware developers) may use intrusion prevention signatures and intrusion detection signatures to detect and/or prevent malware attacks against computing systems. However, malware may hide attacks within encrypted HTTPS sessions to avoid detection. Anti-malware applications may be unable to monitor these sessions for malicious content because the sessions are often encrypted using Secure Sockets Layer (SSL) certificates. Anti-malware programs may instead attempt to detect whether an SSL certificate used to establish a malicious HTTPS session is a suspicious certificate (e.g., a stolen or revoked certificate). Not all suspicious certificates, however, are used for malicious purposes. For example, some organizations may, for legitimate purposes, use seemingly suspicious self-signed or expired digital certificates.
What is needed, therefore, is a more efficient and effective mechanism for detecting malicious use of digital certificates.