Statistical network behavior based threat detection
Author: | Lawrence Drabeck, Ran He, Jin Cao |
---|---|
Year of publication: | 2017 |
Subject: | Wireless network, Computer science, Feature extraction, Networking & telecommunications, Machine learning, Data modeling, Constant false alarm rate, Software, Sandbox (computer security), Electrical engineering, electronic engineering, information engineering, Malware, Artificial intelligence, Host (network) |
Source: | INFOCOM Workshops |
DOI: | 10.1109/infcomw.2017.8116413 |
Description: | Malware, short for malicious software, continues to morph and change. Traditional anti-virus software may have problems detecting malicious software that has not been seen before. By employing machine learning techniques, one can learn the general behavior patterns of different threat types and use these to detect variants of unknown threats. We have developed a malware detection system based on machine learning that uses features derived from a user's network flows to external hosts. A novel aspect of our technique is to separate hosts into different groups by how commonly they are visited by users and then develop user features separately for each of these host groups. The network data for training the detector is based on malware samples that have been run in a sandbox and on normal users' traffic collected from an LTE wireless network provider. Specifically, we use the AdaBoost algorithm as the classification engine and obtain good performance, with a 0.78% false alarm rate and 96.5% accuracy for detecting users infected with malware. We also provide high- and low-confidence regions for our system based on subclasses of threats. |
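The pipeline sketched in the abstract (bucket external hosts by how many users visit them, build per-user features separately for each bucket, then train AdaBoost and report accuracy and false alarm rate) as an added, runnable illustration. This is not the paper's code or data: the flow records are constructed, the popularity thresholds (50% and 20% of users), the three per-group features (flow count, distinct hosts, upload ratio) and the decision-stump AdaBoost are assumptions chosen to make the idea concrete, not the authors' feature set or classifier configuration.

```python
"""Added example: popularity-grouped per-user flow features fed to a small
AdaBoost classifier built from decision stumps. Not the paper's code; flows,
thresholds and the feature set are constructed here for illustration."""
import math
from collections import defaultdict

# Constructed flows: (user, external_host, bytes_out, bytes_in).
# Clean users mostly talk to hosts everyone visits; "infected" users also
# beacon repeatedly to a host nobody else contacts, with an upload-heavy ratio.
TRAIN_FLOWS = [
    ("u1", "cdn.example", 200, 50000), ("u1", "search.example", 300, 8000), ("u1", "news.example", 400, 30000),
    ("u2", "cdn.example", 250, 40000), ("u2", "search.example", 280, 7000), ("u2", "news.example", 350, 25000),
    ("u3", "cdn.example", 220, 45000), ("u3", "search.example", 310, 9000), ("u3", "news.example", 380, 28000),
    ("u4", "cdn.example", 210, 42000), ("u4", "search.example", 290, 7500), ("u4", "blog.example", 500, 20000),
    ("u5", "cdn.example", 230, 41000), ("u5", "search.example", 270, 8200),
    ("u5", "c2-a.example", 4000, 300), ("u5", "c2-a.example", 4100, 280),
    ("u6", "cdn.example", 240, 39000), ("u6", "search.example", 260, 7800),
    ("u6", "c2-b.example", 3900, 310), ("u6", "c2-b.example", 4200, 290),
    ("u7", "cdn.example", 215, 44000), ("u7", "search.example", 305, 8100),
    ("u7", "c2-c.example", 4050, 295), ("u7", "c2-c.example", 3950, 305),
    ("u8", "cdn.example", 225, 43000), ("u8", "search.example", 295, 7900),
    ("u8", "c2-d.example", 4000, 300), ("u8", "c2-d.example", 4000, 300),
]
TRAIN_LABELS = {"u1": -1, "u2": -1, "u3": -1, "u4": -1,   # -1 = clean
                "u5": 1, "u6": 1, "u7": 1, "u8": 1}        # +1 = infected
GROUPS = ("popular", "moderate", "rare")

def host_groups(flows):
    """Bucket each host by the fraction of users contacting it (thresholds assumed)."""
    users_of = defaultdict(set)
    for user, host, _, _ in flows:
        users_of[host].add(user)
    n_users = len({f[0] for f in flows})
    groups = {}
    for host, users in users_of.items():
        frac = len(users) / n_users
        groups[host] = "popular" if frac >= 0.5 else "moderate" if frac >= 0.2 else "rare"
    return groups

def user_features(flows, groups):
    """Per user and per host group: [flow count, distinct hosts, upload ratio]."""
    acc = defaultdict(lambda: {g: [0, set(), 0, 0] for g in GROUPS})
    for user, host, out_b, in_b in flows:
        rec = acc[user][groups.get(host, "rare")]  # host unseen in training: nobody else visits it
        rec[0] += 1; rec[1].add(host); rec[2] += out_b; rec[3] += in_b
    feats = {}
    for user, by_group in acc.items():
        vec = []
        for g in GROUPS:
            cnt, hosts, out_b, in_b = by_group[g]
            vec += [cnt, len(hosts), out_b / (in_b + 1)]
        feats[user] = vec
    return feats

def stump_predict(stump, x):
    j, t, pol = stump
    return pol if x[j] > t else -pol

def best_stump(X, y, w):
    """Exhaustively pick the (feature, threshold, polarity) with least weighted error."""
    best_err, best = 1.0, None
    for j in range(len(X[0])):
        vals = sorted({x[j] for x in X})
        cands = [vals[0] - 1] + [(a + b) / 2 for a, b in zip(vals, vals[1:])]
        for t in cands:
            for pol in (1, -1):
                err = sum(wi for xi, yi, wi in zip(X, y, w) if stump_predict((j, t, pol), xi) != yi)
                if err < best_err:
                    best_err, best = err, (j, t, pol)
    return best_err, best

def adaboost(X, y, rounds=10):
    """Standard AdaBoost: up-weight misclassified users, keep alpha-weighted stumps."""
    n = len(X)
    w = [1.0 / n] * n
    model = []
    for _ in range(rounds):
        err, stump = best_stump(X, y, w)
        if err >= 0.5:
            break
        alpha = 0.5 * math.log((1 - err) / max(err, 1e-10))
        model.append((alpha, stump))
        if err < 1e-10:          # training set separated; nothing left to reweight
            break
        w = [wi * math.exp(-alpha * yi * stump_predict(stump, xi)) for xi, yi, wi in zip(X, y, w)]
        total = sum(w)
        w = [wi / total for wi in w]
    return model

def predict(model, x):
    return 1 if sum(a * stump_predict(s, x) for a, s in model) > 0 else -1

def evaluate(model, X, y):
    """Accuracy and false alarm rate (fraction of clean users flagged as infected)."""
    fp = tn = correct = 0
    for xi, yi in zip(X, y):
        p = predict(model, xi)
        correct += p == yi
        if yi == -1:
            if p == 1: fp += 1
            else: tn += 1
    return correct / len(y), fp / (fp + tn) if fp + tn else 0.0

def train_and_score():
    groups = host_groups(TRAIN_FLOWS)
    feats = user_features(TRAIN_FLOWS, groups)
    users = sorted(feats)
    X = [feats[u] for u in users]
    y = [TRAIN_LABELS[u] for u in users]
    model = adaboost(X, y)
    return groups, model, evaluate(model, X, y)

# Constructed held-out users: u9 only visits popular hosts; u10 beacons to a host never seen in training.
TEST_FLOWS = [
    ("u9", "cdn.example", 205, 47000), ("u9", "search.example", 285, 8300),
    ("u10", "cdn.example", 235, 40000), ("u10", "c2-e.example", 4100, 290), ("u10", "c2-e.example", 3980, 310),
]

def classify_heldout():
    groups, model, _ = train_and_score()
    feats = user_features(TEST_FLOWS, groups)
    return {u: predict(model, feats[u]) for u in sorted(feats)}

if __name__ == "__main__":
    print(train_and_score()[1:], classify_heldout())
```

The point the grouping makes: a single global "distinct hosts contacted" feature would not separate u4 (one rare blog) from the infected users, but counting flows to rare hosts as its own feature lets one stump on that column do it, and a brand-new C2 host at test time still lands in the rare bucket because popularity is computed over the training population, not looked up per host. On real LTE data the false alarm rate is the number to watch, since the clean population vastly outnumbers infected users.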
Database: | OpenAIRE |
External link: |