Towards Fingerprinting Malicious Traffic

Authors: Amine Boukhtouta, Nour-Eddine Lakhdari, Serguei A. Mokhov, Mourad Debbabi

DOI: 10.1016/J.PROCS.2013.06.073

Keywords: Machine learning, Traffic classification, Computer science, Artificial intelligence, Computer security, Malware, Boosting (machine learning), Malware analysis, False positive rate

Abstract: The primary intent of this paper is to detect malicious traffic at the network level. To this end, we apply several machine learning techniques to build classifiers that fingerprint maliciousness in IP traffic. As such, J48, Naïve Bayesian, SVM and Boosting algorithms are used to classify malware communications generated from a dynamic analysis framework. The log files are pre-processed in order to extract features that characterize malicious packets. Data mining is then applied to these features. A comparison between the different results has shown that J48 and Boosted J48 have performed better than the other algorithms. We managed to obtain a detection rate of 99% with a false positive rate of less than 1% for these algorithms. Additional test results show that our model can be applied to traffic obtained from different sources. © 2011 Published by Elsevier Ltd. Keywords: Traffic Classification, Malicious Detection, Malware Analysis.
