APT MALWARE DETECTION ON COMPUTER NETWORK WITH MACHINE LEARNING TECHNIQUE
Main Author: | |
---|---|
Format: | Final Project |
Language: | Indonesian |
Online Access: | https://digilib.itb.ac.id/gdl/view/42510 |
Institution: | Institut Teknologi Bandung |
Summary: | Malware, or malicious software, is widely used for cybercrime (for example, stealing credentials or spying on a target), and some criminal organizations use it as a tool to reach their goals. Malware is also a standard component of one type of cyber-attack, the Advanced Persistent Threat (APT). In short, an APT attack is a sophisticated cyber-attack designed and carried out by an organization; the organizations behind APT attacks are generally well resourced and well organized and pursue specific targets such as governments or well-known companies. Network-based malware detection tools such as Snort and Suricata have so far not been able to detect APT malware activity effectively, both because of the special characteristics of APT malware and because those tools rely on signature-based detection. This study therefore builds a malware detection system that accounts for the characteristics of APT malware and detects APT malware activity on the network with a non-signature-based approach.
The study begins by analyzing APT attacks: their definition, their characteristics, and the attack process. It then identifies and analyzes the causes of the ineffectiveness of existing malware detection tools against APT malware and, from those causes, selects the most appropriate detection technique. The proposed system is then built with that technique, using an engine based on machine learning, because the malware detection techniques other than signature matching all build their engine with machine learning. The resulting system detected APT malware activity in 36 pcap files containing APT malware traffic with a recall of 57.895% to 100%, and a false negative rate of 8% to 31% on benign network traffic. |
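What "non-signature-based" detection of APT malware on network traffic looks like in practice, as an added example that is not part of the thesis or of this catalog record: a signature rule that fires only on a destination already on an indicator list is run beside a small behaviour-based engine that classifies per-destination flow summaries (the kind of aggregate one derives from a pcap) by beacon periodicity, outbound byte ratio and bytes per connection. The Gaussian naive Bayes classifier, the three features, the flow records and the IP addresses (RFC 5737 documentation ranges) are all assumptions or constructed data; the thesis does not say which model or features it used, and the numbers below do not reproduce its results.

```python
"""Behaviour-based C2 detection on flow records, beside a signature check.
Added example with constructed data; not the thesis's code. Standard library only."""
import math
import statistics
from dataclasses import dataclass


@dataclass
class Flow:
    """Connections from one internal host to one destination, as aggregated from a pcap."""
    dst: str
    start_times: list   # connection start offsets in seconds (constructed)
    bytes_out: int
    bytes_in: int
    malicious: bool     # ground truth, used only for training and scoring


def features(flow):
    """Three behavioural features; none looks at payload bytes or a known indicator."""
    gaps = [b - a for a, b in zip(flow.start_times, flow.start_times[1:])]
    if len(gaps) < 2:
        raise ValueError("need at least three connections to judge periodicity")
    periodicity = statistics.pstdev(gaps) / statistics.fmean(gaps)  # ~0 for a beacon
    total = flow.bytes_out + flow.bytes_in
    out_ratio = flow.bytes_out / total                # beacons and exfil push data out
    size = math.log(total / len(flow.start_times))   # log of mean bytes per connection
    return [periodicity, out_ratio, size]


KNOWN_BAD_DST = {"198.51.100.23"}   # constructed signature list: one C2 address known in advance


def signature_detect(flow):
    """Signature-based rule: fires only when the destination is already on the list."""
    return flow.dst in KNOWN_BAD_DST


class GaussianNB:
    """Minimal Gaussian naive Bayes, standing in for the thesis's unspecified ML engine."""

    def fit(self, rows, labels):
        self.stats = {}
        for label in set(labels):
            cols = list(zip(*[r for r, l in zip(rows, labels) if l == label]))
            params = [(statistics.fmean(c), statistics.pvariance(c) + 1e-9) for c in cols]
            self.stats[label] = (len(cols[0]) / len(rows), params)
        return self

    def predict(self, row):
        best = None
        for label, (prior, params) in self.stats.items():
            ll = math.log(prior)
            for x, (mu, var) in zip(row, params):
                ll += -0.5 * math.log(2 * math.pi * var) - (x - mu) ** 2 / (2 * var)
            if best is None or ll > best[0]:
                best = (ll, label)
        return best[1]


# Constructed labelled flows. Malicious ones mimic C2 beaconing: small, regular, upload-heavy.
TRAIN = [
    Flow("203.0.113.10", [0, 60, 120, 180, 240, 300], 1200, 800, True),           # 60 s beacon
    Flow("203.0.113.11", [0, 61, 119, 181, 240], 900, 600, True),                 # jittered beacon
    Flow("203.0.113.12", [0, 300, 600, 900, 1200, 1500, 1800], 2100, 700, True),  # 5 min beacon
    Flow("203.0.113.13", [0, 30, 62, 90, 121, 150], 1500, 1500, True),            # 30 s beacon
    Flow("192.0.2.10", [0, 3, 4, 40, 41, 200, 205], 20_000, 900_000, False),      # web browsing
    Flow("192.0.2.11", [0, 15, 16, 90, 400, 402], 5_000, 250_000, False),         # software update
    Flow("192.0.2.12", [0, 6, 12, 19, 25, 30, 37], 8_000, 12_000_000, False),     # video chunks
    Flow("192.0.2.13", [0, 8, 55, 61, 130, 131, 300], 30_000, 90_000, False),     # mail sync
]
TEST = [
    Flow("203.0.113.20", [0, 118, 242, 360, 481, 600], 1800, 1000, True),         # unlisted C2, beacon
    Flow("198.51.100.23", [0, 3600, 7200, 10800], 600, 400, True),                # listed C2, beacon
    Flow("203.0.113.22", [0, 86400, 172800, 259200], 40_000, 2_000, True),        # daily low-and-slow exfil
    Flow("192.0.2.20", [0, 2, 3, 9, 75, 76, 240], 12_000, 600_000, False),        # web browsing
    Flow("192.0.2.21", [0, 64, 128, 192, 256], 480, 480, False),                  # periodic time sync
    Flow("192.0.2.22", [0, 20, 45, 130, 135, 400], 5_000_000, 100_000, False),    # cloud backup upload
]


def evaluate(detector, flows):
    """Recall on the malicious flows, false-positive rate on the benign ones."""
    tp = fn = fp = tn = 0
    for f in flows:
        hit = bool(detector(f))
        if f.malicious:
            tp, fn = tp + hit, fn + (not hit)
        else:
            fp, tn = fp + hit, tn + (not hit)
    return {"tp": tp, "fn": fn, "fp": fp, "tn": tn,
            "recall": tp / (tp + fn) if tp + fn else 0.0,
            "fpr": fp / (fp + tn) if fp + tn else 0.0}


def run():
    model = GaussianNB().fit([features(f) for f in TRAIN], [f.malicious for f in TRAIN])
    return {"signature": evaluate(signature_detect, TEST),
            "behaviour": evaluate(lambda f: model.predict(features(f)), TEST)}


if __name__ == "__main__":
    for name, r in run().items():
        print(name, r)
```

Run stand-alone, it reports recall and false-positive rate for both detectors over the held-out flows. The signature check catches only the listed C2 address. The behavioural engine also catches the beacon to an unlisted address, but it misses the daily low-and-slow exfiltration (whose per-connection volume looks nothing like the training beacons) and flags the periodic time-sync host, a false positive. That pair of errors is the trade-off behind the abstract's recall and benign-traffic error figures, and the reason an engine of this kind has to be evaluated on representative benign traffic as well as on malicious pcaps.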