
Article information

  • Title: MALWARE DETECTION USING IP FLOW LEVEL ATTRIBUTES
  • Local full text: Download
  • Authors: AHMED ABDALLA ; HAITHAM A. JAMIL ; HAMZA AWAD HAMZA IBRAHIM
  • Journal: Journal of Theoretical and Applied Information Technology
  • Print ISSN: 1992-8645
  • Electronic ISSN: 1817-3195
  • Year of publication: 2013
  • Volume: 57
  • Issue: 3
  • Publisher: Journal of Theoretical and Applied
  • Abstract: Although malware detection in network traffic has been done successfully through Deep Packet Inspection (DPI) over the last two decades, this approach is becoming less efficient because of the continuous increase in network traffic volumes and speeds, and because of concerns about users' privacy. The more recent alternative is flow-based detection, which can inspect high-speed and backbone network traffic because it significantly aggregates and reduces the data to be inspected. However, the ability of this approach to detect packet-based attacks such as viruses and trojans is questionable, since the actual payload data is not available. In this paper we show through experiments that network flows containing packets previously marked as malicious by Snort can be detected using only flow-level attributes, with several Machine Learning (ML) classifiers. We created our dataset from captured traces of a subnet of our university's network. The detection accuracy is found to be 75% True Positive (TP) with almost zero False Negatives, which we consider a verification of the capability of the flow-based approach to detect malware. This finding is encouraging for future research, where flow-based detection can be combined with more traditional detection methods to form more powerful NIDSs.
  • Keywords: Network Intrusion Detection System (NIDS); Flow level network traffic inspection; Snort; Malware Detection; Machine Learning; NetFlow