Towards Fingerprinting Malicious Traffic
Authors
Abstract
The primary intent of this paper is to detect malicious traffic at the network level. To this end, we apply several machine learning techniques to build classifiers that fingerprint maliciousness in IP traffic. J48, Naïve Bayes, SVM and Boosting algorithms are used to classify malware communications generated by a dynamic malware analysis framework. The generated traffic log files are pre-processed to extract features that characterize malicious packets, and the data mining algorithms are applied to these features. A comparison of the results shows that J48 and Boosted J48 outperform the other algorithms: we obtained a detection rate of 99% on malicious traffic with a false positive rate below 1% for J48 and Boosted J48. Additional tests show that our model can also detect malicious traffic obtained from different sources. © 2011 Published by Elsevier Ltd.
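The pipeline the abstract describes (pre-process traffic logs into per-flow features, train a decision-tree classifier, report detection rate and false positive rate) is easy to misread as "run Weka and read off 99%". The example below is an added illustration, not code from the paper: it extracts a small feature vector from constructed flow records, grows a C4.5-style tree (J48 is Weka's C4.5 implementation, which splits on gain ratio), and then scores it on held-out flows. The feature set, the log format and every flow line are assumptions made for this example; the paper's actual features are not given in the abstract. The held-out set deliberately contains a benign DNS lookup whose small packets look like a beacon, so the false positive rate is non-zero and shows why that second number matters as much as the detection rate.

```python
"""Added example (not from the paper): a J48-style classifier over constructed flow records."""
import math
from collections import Counter

# Constructed flow log, NOT real captures. Fields: src,dst,proto,dport,pkts,bytes,duration_s,label
TRAIN_LOG = """\
10.0.0.7,203.0.113.9,tcp,443,20,1200,30.0,malicious
10.0.0.7,203.0.113.9,tcp,443,40,2800,61.5,malicious
10.0.0.12,198.51.100.4,tcp,8080,16,1120,15.0,malicious
10.0.0.12,198.51.100.4,tcp,4444,30,2400,45.2,malicious
10.0.0.20,203.0.113.77,tcp,80,12,600,3.1,malicious
10.0.0.20,203.0.113.77,tcp,6667,50,4500,120.0,malicious
10.0.0.5,93.184.216.34,tcp,80,12,7200,1.2,benign
10.0.0.5,93.184.216.34,tcp,443,35,31500,4.0,benign
10.0.0.9,192.0.2.10,tcp,443,18,9000,2.7,benign
10.0.0.9,192.0.2.10,tcp,80,60,48000,9.5,benign
10.0.0.14,192.0.2.25,tcp,443,10,3500,0.8,benign
10.0.0.14,192.0.2.25,tcp,8080,25,15000,40.0,benign
"""
# Held-out flows; the udp/53 line is a benign DNS lookup with beacon-like tiny packets.
TEST_LOG = """\
10.0.0.31,203.0.113.9,tcp,443,24,1440,36.0,malicious
10.0.0.31,198.51.100.4,tcp,8080,10,800,9.9,malicious
10.0.0.31,192.0.2.10,tcp,443,22,17600,3.3,benign
10.0.0.31,192.0.2.25,tcp,80,14,9800,1.9,benign
10.0.0.31,192.0.2.53,udp,53,2,180,0.05,benign
10.0.0.31,203.0.113.77,tcp,6667,33,2970,99.0,malicious
"""

# Assumed feature set for this example; the paper's real feature list is not in the abstract.
FEATURE_NAMES = ["dport", "pkts", "bytes", "duration", "bytes_per_pkt"]

def parse_flows(text):
    """Pre-processing step: one (feature_vector, is_malicious) pair per log line."""
    rows = []
    for line in text.strip().splitlines():
        _src, _dst, _proto, dport, pkts, nbytes, dur, label = line.split(",")
        pkts, nbytes, dur = int(pkts), int(nbytes), float(dur)
        feats = [int(dport), pkts, nbytes, dur, nbytes / max(pkts, 1)]
        rows.append((feats, label == "malicious"))
    return rows

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def best_split(rows):
    """C4.5-style choice: the (feature, threshold) with the highest gain ratio."""
    base = entropy([y for _, y in rows])
    best = None
    for f in range(len(FEATURE_NAMES)):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2            # candidate cut between adjacent observed values
            left = [y for x, y in rows if x[f] <= thr]
            right = [y for x, y in rows if x[f] > thr]
            if not left or not right:
                continue
            pl, pr = len(left) / len(rows), len(right) / len(rows)
            gain = base - pl * entropy(left) - pr * entropy(right)
            split_info = -(pl * math.log2(pl) + pr * math.log2(pr))
            ratio = gain / split_info      # gain ratio penalises splits that merely fragment
            if best is None or ratio > best[0]:
                best = (ratio, f, thr)
    return best

def build_tree(rows, depth=0, max_depth=4):
    """Node = (feature_index, threshold, left_subtree, right_subtree); leaf = bool."""
    labels = [y for _, y in rows]
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or depth >= max_depth:
        return majority
    split = best_split(rows)
    if split is None or split[0] <= 0:
        return majority
    _, f, thr = split
    left = [r for r in rows if r[0][f] <= thr]
    right = [r for r in rows if r[0][f] > thr]
    return (f, thr, build_tree(left, depth + 1, max_depth), build_tree(right, depth + 1, max_depth))

def predict(tree, feats):
    while isinstance(tree, tuple):
        f, thr, left, right = tree
        tree = left if feats[f] <= thr else right
    return tree

def evaluate(tree, rows):
    """Detection rate = TP/(TP+FN); false positive rate = FP/(FP+TN)."""
    tp = fp = tn = fn = 0
    for feats, y in rows:
        p = predict(tree, feats)
        tp += p and y; fp += p and not y; fn += (not p) and y; tn += (not p) and (not y)
    detection_rate = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return detection_rate, fpr

if __name__ == "__main__":
    tree = build_tree(parse_flows(TRAIN_LOG))
    print("tree:", tree, "->", FEATURE_NAMES[tree[0]])
    print("detection rate, FPR on held-out flows:", evaluate(tree, parse_flows(TEST_LOG)))
```

On this constructed data the tree reduces to a single cut on bytes per packet, and it catches every malicious held-out flow but also flags the DNS lookup, so a 100% detection rate arrives with a 33% false positive rate. Real logs need far more flows and features than this, and a practitioner should evaluate on captures from a different source than the training set, as the abstract's additional tests do, before trusting the detection rate.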
Similar sources
Structural traffic analysis for network security monitoring
Traffic on the Internet is constantly growing more complex and multifaceted. This natural evolution is mirrored by novel kinds of malicious traffic: automated attacks subvert thousands of machines at a time, enabling a wide range of subsequent attacks and nuisances such as distributed denial-of-service attacks and generation of vast amounts of unsolicited electronic mail. Consequently, there is...
A Large-scale Analysis of Content Modification by Open HTTP Proxies
Open HTTP proxies offer a quick and convenient solution for routing web traffic towards a destination. In contrast to more elaborate relaying systems, such as anonymity networks or VPN services, users can freely connect to an open HTTP proxy without the need to install any special software. Therefore, open HTTP proxies are an attractive option for bypassing IP-based filters and geo-location rest...
Correlation Based Approach with a Sliding Window Model to Detect and Mitigate DDoS Attacks
Corresponding Author: Ayyamuthukumar, D., Department of CSE, K.S. Rangasamy College of Technology, Tiruchengode, Namakkal, Tamilnadu, India. Abstract: DDoS attacks have become very popular since the turn of this millennium and have stayed in the headlines due to ever increasing and sometimes devastating attacks on popular web servers. In this study, we deal with DDoS ...
60 Seconds on the Wire: A Look at Malicious Traffic
Despite advances in detection, malware remains an active and high-risk threat to organizations. Understanding the characteristics of malware traffic can be vital in detecting, as well as responding to, an incident inside an organization. In this paper, over 20,000 PCAPs generated by known malware are explored to find these characteristics. The focus of the research is on HTTP traffic since this ...
Machine learning based mobile malware detection using highly imbalanced network traffic
In recent years, the number and variety of malicious mobile apps have increased drastically, especially on Android platform, which brings insurmountable challenges for malicious app detection. Researchers endeavor to discover the traces of malicious apps using network traffic analysis. In this study, we combine network traffic analysis with machine learning methods to identify malicious network...