In recent years, the rise of the Internet of Things has led to a gradual expansion of internet services, but most people ignore the importance of information security. This study investigates the characteristics of the malicious traffic that malware generates while it operates, and classifies malware into families without using SSL/TLS decryption. The traffic features used in this work include the total numbers of packets and bits, sending time, packet size, delivery intervals, and others. All of the features extracted from the traffic flows are integrated into a complex set, and a model that can identify the type of malware is trained using machine learning and deep learning. This work solves the problem of imbalanced data in traffic flows by using a traffic analysis mechanism and developing a multi-layer network analysis structure, which improves the stability and reliability of the proposed training model, to ensure cyber security.