Malware Originated HTTP Traffic Detection Utilizing Cluster Appearance Ratio
2017 31st International Conference on Information Networking (ICOIN) (2017)
Abstract
Recent cyber attacks are sophisticated enough that preventing malware infection is difficult, so early detection of malware infection becomes more important. Moreover, recent malware connects to its C&C server over HTTP, which is widely used in daily business, and some malware uses HTTPS to hide its content from analyzers. This makes malware infection detection even harder with typical traffic analysis. In this paper, first, we extract new features such as HTTP request interval, body size, and header bag-of-words. Second, we cluster the features and calculate the cluster appearance ratio per communicating host pair. Third, we build a classifier from the learned cluster appearance ratios. Finally, we classify the communicating host pairs in the evaluation traffic by their cluster appearance ratio. We evaluated our proposed method by 5-fold cross validation. The experimental results show that the evaluation criterion "Recall" reaches 96% on average using malware-originated HTTP traffic.
Keywords
malware, HTTP traffic detection, cluster appearance ratio utilization, cyber attacks, feature extraction
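The first two steps of the abstract (feature extraction, then clustering and a per-host-pair cluster appearance ratio) are sketched below as an added example; it is not the paper's code. Assumptions: the ratio is taken to be the fraction of a pair's requests falling in each cluster, plain k-means with k=3 stands in for the unnamed clustering algorithm, the header bag-of-words feature and the classifier step are left out, and the request log is constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample, not real traffic: (src, dst, unix_time, request_body_bytes).
REQUESTS = [("10.0.0.5", "203.0.113.9", 60 * i, 128) for i in range(8)] + [
    ("10.0.0.7", "198.51.100.2", t, b)
    for t, b in [(0, 0), (2, 0), (3, 900), (40, 0), (41, 0), (300, 1500), (302, 0), (900, 0)]
]

def extract_features(requests):
    """Return [(pair, (log interval since the pair's previous request, log body size))]."""
    last_seen, feats = {}, []
    for src, dst, ts, body in sorted(requests, key=lambda r: r[2]):
        pair = (src, dst)
        if pair in last_seen:  # a pair's first request has no interval; skip it
            feats.append((pair, (math.log1p(ts - last_seen[pair]), math.log1p(body))))
        last_seen[pair] = ts
    return feats

def nearest(point, centroids):
    """Index of the centroid closest to point (Euclidean distance)."""
    return min(range(len(centroids)), key=lambda i: math.dist(point, centroids[i]))

def kmeans(points, k, rounds=20):
    """Plain k-means, deterministic seeding. Assumed choice: the abstract names no algorithm."""
    uniq = sorted(set(points))
    centroids = [uniq[i * (len(uniq) // k)] for i in range(k)]
    for _ in range(rounds):
        groups = defaultdict(list)
        for p in points:
            groups[nearest(p, centroids)].append(p)
        centroids = [
            tuple(sum(axis) / len(groups[i]) for axis in zip(*groups[i])) if groups[i] else c
            for i, c in enumerate(centroids)
        ]
    return centroids

def cluster_appearance_ratio(requests, k=3):
    """Per host pair: fraction of its requests that fall in each of the k clusters."""
    feats = extract_features(requests)
    centroids = kmeans([f for _, f in feats], k)
    counts = defaultdict(Counter)
    for pair, f in feats:
        counts[pair][nearest(f, centroids)] += 1
    return {pair: [c[i] / sum(c.values()) for i in range(k)] for pair, c in counts.items()}

if __name__ == "__main__":
    for pair, ratio in cluster_appearance_ratio(REQUESTS).items():
        print(pair, [round(r, 2) for r in ratio])
```

On this constructed log, the pair that sends fixed-size requests at a fixed interval lands entirely in one cluster, while the irregular pair is spread over all three; the resulting ratio vector per pair is what a classifier would take as input in the third step.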