Stateless malware packet detection by incorporating Naive Bayes with known malware signatures

Malware detection done at the network infrastructure level is still an open research problem, considering the evolution of malware and the high detection accuracy needed to detect these threats. Content-based classification techniques have been proven capable of detecting malware without matching for malware signatures. However, the performance of the classification techniques depends on the observed training samples. In this paper, a new detection method that incorporates Snort malware signatures into Naive Bayes model training is proposed. Through experimental work, we prove that the proposed method results in a small feature search space for effective detection at the packet level. This paper also demonstrates the viability of detecting malware at the stateless level (using packets) as well as at the stateful level (using the TCP byte stream). The results show that it is feasible to detect malware at the stateless level with accuracy similar to the stateful level, thus requiring minimal resources for implementation on middleboxes. Stateless detection can give better protection to end users by detecting malware on middleboxes without having to reconstruct stateful sessions, and before the malware reaches the end users.

Bibliographic Details
Main Authors: Ismail, Ismahani; Mohd. Nor, Sulaiman; Marsono, Muhammad Nadzir
Format: Article (peer reviewed)
Published: Hindawi Limited, 2014-04
Citation: Ismail, Ismahani and Mohd. Nor, Sulaiman and Marsono, Muhammad Nadzir (2014) Stateless malware packet detection by incorporating Naive Bayes with known malware signatures. Applied Computational Intelligence and Soft Computing, 2014. p. 197961. ISSN 1687-9724
Subjects: TK Electrical engineering. Electronics. Nuclear engineering
Online Access: http://eprints.utm.my/id/eprint/59949/
DOI: http://dx.doi.org/10.1155/2014/197961
Institution: Universiti Teknologi Malaysia (UTM Institutional Repository, http://eprints.utm.my/)