Detection of Cyber Malware Attack Based on Network Traffic Features Using Neural Network

Various techniques have been developed to detect malware, such as behavior-based methods that analyze the permissions requested and the system calls made by a process. These techniques struggle to keep up with malware that continues to evolve, so other suspicious activity, in particular network traffic, also needs to be analyzed. Network traffic is the channel through which malware operators communicate with malware already installed on a victim's device. The traffic analyzed in this study is divided into three classes: adware, general malware, and benign. The classifier uses 79 features extracted from network traffic flows and analyzes them with a neural network, which suits the time-series character of the features. The dataset comprises 442,240 network flows. With 15 main features selected on the basis of a literature study, the neural network reached an F-measure of 0.6404 with 12 hidden neurons, a learning rate of 0.1, and 300 epochs. For comparison, the researchers selected 12 features based on the behavior of the malware itself and reached an F-measure of 0.666 with 12 hidden neurons, a learning rate of 0.05, and 300 epochs. The study also found that data normalization is important to ensure that no single feature is far more dominant than the others. It is concluded that analyzing network traffic features with a neural network can detect malware attacks and that more features do not imply better detection performance, while real-time malware detection is still required for the network traffic of IoT devices and smartphones.
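The pipeline described in the abstract has three steps a practitioner can reproduce: aggregate packets into flows and derive per-flow features, min-max normalize the feature matrix so that byte counts do not swamp durations, and score a three-class classifier with a macro-averaged F-measure. The following is an added example, not code from the paper; it uses a constructed handful of packets, a small assumed subset of flow features (duration, forward/backward bytes, packet count, mean inter-arrival time) rather than the study's 79, and the hypothetical helper names extract_flows, min_max_normalize, dominant_feature and macro_f_measure.

```python
"""Flow features, min-max normalization and macro F-measure (added example).

Packets are grouped into bidirectional flows keyed by protocol and the two
(ip, port) endpoints; the direction of the first packet is 'forward'.
"""
from collections import defaultdict
from statistics import mean

# Constructed packets: (timestamp_s, src_ip, src_port, dst_ip, dst_port, proto, bytes)
PACKETS = [
    (0.000, "10.0.0.5", 40001, "203.0.113.9", 443, "tcp", 120),
    (0.010, "203.0.113.9", 443, "10.0.0.5", 40001, "tcp", 1400),
    (0.020, "10.0.0.5", 40001, "203.0.113.9", 443, "tcp", 80),
    (0.500, "203.0.113.9", 443, "10.0.0.5", 40001, "tcp", 1400),
    (1.000, "10.0.0.5", 53000, "198.51.100.7", 53, "udp", 60),
    (1.050, "198.51.100.7", 53, "10.0.0.5", 53000, "udp", 200),
    (2.000, "10.0.0.5", 40002, "192.0.2.44", 8080, "tcp", 60),
    (2.005, "10.0.0.5", 40002, "192.0.2.44", 8080, "tcp", 60),
    (2.010, "10.0.0.5", 40002, "192.0.2.44", 8080, "tcp", 60),
]

FEATURES = ["duration", "fwd_bytes", "bwd_bytes", "pkt_count", "mean_iat"]
CLASSES = ("adware", "malware", "benign")


def flow_key(pkt):
    """Order-independent key so both directions land in the same flow."""
    _, src, sport, dst, dport, proto, _ = pkt
    return (proto,) + tuple(sorted([(src, sport), (dst, dport)]))


def extract_flows(packets):
    """Return a list of (key, feature_dict), one entry per flow, in first-seen order."""
    groups = defaultdict(list)
    for pkt in sorted(packets, key=lambda p: p[0]):
        groups[flow_key(pkt)].append(pkt)
    flows = []
    for key, pkts in groups.items():
        times = [p[0] for p in pkts]
        initiator = pkts[0][1]                      # src of first packet = forward
        iats = [t2 - t1 for t1, t2 in zip(times, times[1:])]
        flows.append((key, {
            "duration": times[-1] - times[0],
            "fwd_bytes": sum(p[6] for p in pkts if p[1] == initiator),
            "bwd_bytes": sum(p[6] for p in pkts if p[1] != initiator),
            "pkt_count": len(pkts),
            "mean_iat": mean(iats) if iats else 0.0,
        }))
    return flows


def feature_matrix(flows):
    """Rows = flows, columns = FEATURES."""
    return [[feats[f] for f in FEATURES] for _, feats in flows]


def dominant_feature(matrix):
    """Name of the column with the largest raw range: the one that would
    dominate any distance- or gradient-based learner without scaling."""
    cols = list(zip(*matrix))
    ranges = [max(c) - min(c) for c in cols]
    return FEATURES[ranges.index(max(ranges))]


def min_max_normalize(matrix):
    """Scale every column to [0, 1]; a constant column becomes all zeros
    instead of raising ZeroDivisionError."""
    cols = list(zip(*matrix))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [[(v - l) / (h - l) if h > l else 0.0
             for v, l, h in zip(row, lo, hi)] for row in matrix]


def macro_f_measure(y_true, y_pred, classes=CLASSES):
    """Unweighted mean of per-class F1 over the three classes; an absent
    class contributes 0 rather than crashing."""
    scores = []
    for c in classes:
        tp = sum(1 for t, p in zip(y_true, y_pred) if t == c and p == c)
        fp = sum(1 for t, p in zip(y_true, y_pred) if t != c and p == c)
        fn = sum(1 for t, p in zip(y_true, y_pred) if t == c and p != c)
        prec = tp / (tp + fp) if tp + fp else 0.0
        rec = tp / (tp + fn) if tp + fn else 0.0
        scores.append(2 * prec * rec / (prec + rec) if prec + rec else 0.0)
    return sum(scores) / len(scores)


if __name__ == "__main__":
    flows = extract_flows(PACKETS)
    raw = feature_matrix(flows)
    print("raw matrix dominated by:", dominant_feature(raw))
    for key, row in zip((k for k, _ in flows), min_max_normalize(raw)):
        print(key[0], [round(v, 3) for v in row])
    # Constructed labels and predictions for a six-flow evaluation set.
    truth = ["adware", "malware", "benign", "benign", "malware", "adware"]
    preds = ["adware", "benign", "benign", "benign", "malware", "malware"]
    print("macro F-measure:", round(macro_f_measure(truth, preds), 4))
```

On the constructed packets the raw matrix is dominated by bwd_bytes (range 2800 against a duration range under half a second), which is exactly the imbalance the paper's normalization step removes; after scaling every column spans [0, 1] and the 3-packet outbound-only flow keeps a zero backward-byte column without any division error.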
