Analysis of Malware Impact on Network Traffic using Behavior-based Detection Technique

Muhtadi, Adib Fakhri; Almaarif, Ahmad

doi:10.25008/ijadis.v1i1.14

Cited by 7 publications

(5 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This method allows academics and practitioners to objectively quantify the effectiveness of their algorithms. The use of this benchmark enables an equitable evaluation of various methodologies and encourages progress in the field of anomaly detection specifically in the domain of time-series data analysis [81].…”

Section: Numenta Anomaly Benchmark (Nab)mentioning

confidence: 99%

From Bytes to Insights: A Systematic Literature Review on Unraveling IDS Datasets for Enhanced Cybersecurity Understanding

Khanan,

Abdelgadir Mohamed,

Mohamed

et al. 2024

IEEE Access

View full text Add to dashboard Cite

In the wake of the expanding digital realm, the imperative for robust cybersecurity measures has burgeoned significantly. This extensive investigation digs into the complicated realm of cybersecurity datasets, with the goal of improving our understanding and implementation of these critical tools. This study's comprehensive evaluation of 37 distinct datasets shows a complicated world in which no one dataset stands out as totally suitable for all uses. A precise balance must be struck between crucial dataset qualities such as diversity, authenticity, and usefulness. Using a complete assessment technique, this paper illuminates the challenges and possibilities that developers and researchers face in the field of cybersecurity datasets. Although some databases accurately identify certain forms of cyberattacks, their coverage may not include the whole range of cyber threats. On the other hand, datasets with a strong emphasis on accurate portrayal may forgo comprehensiveness or practical use. This intricacy is heightened by the dynamic and sophisticated nature of cyber threats, emphasizing the delicate balance required between accuracy and practicality. The study emphasizes the necessity of selecting datasets strategically and contextually for cybersecurity studies, with the goal of matching research objectives with the most appropriate dataset selections. Furthermore, it emphasizes the need of continual cooperation and innovation within the cybersecurity community in developing datasets that accurately represent the ever-changing nature of cyber threats. After analyzing 37 cybersecurity datasets, it is obvious that no one dataset can meet all of the field's unique demands, demonstrating the need of a flexible, adaptable, and developing dataset for intrusion detection systems (IDS). This inquiry offers a critical assessment of dataset characteristics and their related issues, providing essential insights for academics, professionals, and dataset creators, enabling the construction of a more resilient and adaptable cybersecurity infrastructure.

show abstract

Section: Numenta Anomaly Benchmark (Nab)mentioning

confidence: 99%

From Bytes to Insights: A Systematic Literature Review on Unraveling IDS Datasets for Enhanced Cybersecurity Understanding

Khanan,

Abdelgadir Mohamed,

Mohamed

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…It is an analysis that assesses the behavior of an object. Behavior-based detection can be performed by using API call logs [24], network flow (NetFlow) [10], and is also a hybrid between API call and Netflow [25]. A flow is a collection of packets that come from the same source and destination.…”

Section: Behavior-based and Flow-based Featuresmentioning

confidence: 99%

“…Flow-based botnet detection techniques employ statistics of all packet headers in a flow (flow record). Because the flow-https://doi.org/10.31436/iiumej.v23i1.1789 based approach only catches packet header information, it can reduce the computational complexity [24][25][26] and be processed very quickly.…”

Section: Behavior-based and Flow-based Featuresmentioning

confidence: 99%

Botnet Detection Using Independent Component Analysis

Ibrahim

Anuar

Selamat³

et al. 2022

IIUMEJ

View full text Add to dashboard Cite

Botnet is a significant cyber threat that continues to evolve. Botmasters continue to improve the security framework strategy for botnets to go undetected. Newer botnet source code runs attack detection every second, and each attack demonstrates the difficulty and robustness of monitoring the botnet. In the conventional network botnet detection model that uses signature-analysis, the patterns of a botnet concealment strategy such as encryption & polymorphic and the shift in structure from centralized to decentralized peer-to-peer structure, generate challenges. Behavior analysis seems to be a promising approach for solving these problems because it does not rely on analyzing the network traffic payload. Other than that, to predict novel types of botnet, a detection model should be developed. This study focuses on using flow-based behavior analysis to detect novel botnets, necessary due to the difficulties of detecting existing patterns in a botnet that continues to modify the signature in concealment strategy. This study also recommends introducing Independent Component Analysis (ICA) and data pre-processing standardization to increase data quality before classification. With and without ICA implementation, we compared the percentage of significant features. Through the experiment, we found that the results produced from ICA show significant improvements. The highest F-score was 83% for Neris bot. The average F-score for a novel botnet sample was 74%. Through the feature importance test, the feature importance increased from 22% to 27%, and the training model false positive rate also decreased from 1.8% to 1.7%. ABSTRAK: Botnet merupakan ancaman siber yang sentiasa berevolusi. Pemilik bot sentiasa memperbaharui strategi keselamatan bagi botnet agar tidak dapat dikesan. Setiap saat, kod-kod sumber baru botnet telah dikesan dan setiap serangan dilihat menunjukkan tahap kesukaran dan ketahanan dalam mengesan bot. Model pengesanan rangkaian botnet konvensional telah menggunakan analisis berdasarkan tanda pengenalan bagi mengatasi halangan besar dalam mengesan corak botnet tersembunyi seperti teknik penyulitan dan teknik polimorfik. Masalah ini lebih bertumpu pada perubahan struktur berpusat kepada struktur bukan berpusat seperti rangkaian rakan ke rakan (P2P). Analisis tingkah laku ini seperti sesuai bagi menyelesaikan masalah-masalah tersebut kerana ianya tidak bergantung kepada analisis rangkaian beban muatan trafik. Selain itu, bagi menjangka botnet baru, model pengesanan harus dibangunkan. Kajian ini bertumpu kepada penggunaan analisa tingkah-laku berdasarkan aliran bagi mengesan botnet baru yang sukar dikesan pada corak pengenalan botnet sedia-ada yang sentiasa berubah dan menggunakan strategi tersembunyi. Kajian ini juga mencadangkan penggunakan Analisis Komponen Bebas (ICA) dan pra-pemprosesan data yang standard bagi meningkatkan kualiti data sebelum pengelasan. Peratusan ciri-ciri penting telah dibandingkan dengan dan tanpa menggunakan ICA. Dapatan kajian melalui eksperimen menunjukkan dengan penggunaan ICA, keputusan adalah jauh lebih baik. Skor F tertinggi ialah 83% bagi bot Neris. Purata skor F bagi sampel botnet baru adalah 74%. Melalui ujian kepentingan ciri, kepentingan ciri meningkat dari 22% kepada 27%, dan kadar positif model latihan palsu juga berkurangan dari 1.8% kepada 1.7%.

show abstract

“…Backdoor works by entering the system and accessing files illegally. This malware will let users connect to the system and then will attack network traffic to get a password [21][22][23][24].…”

Section: Malware Classificationmentioning

confidence: 99%

Impact Analysis of Malware Based on Call Network API With Heuristic Detection Method

Suryati

Budiono

2020

Int. J. Adv. Data Inf. Syst.

View full text Add to dashboard Cite

Malware is a program that has a negative influence on computer systems that don't have user permissions. The purpose of making malware by hackers is to get profits in an illegal way. Therefore, we need a malware analysis. Malware analysis aims to determine the specifics of malware so that security can be built to protect computer devices. One method for analyzing malware is heuristic detection. Heuristic detection is an analytical method that allows finding new types of malware in a file or application. Many malwares are made to attack through the internet because of technological advancements. Based on these conditions, the malware analysis is carried out using the API call network with the heuristic detection method. This aims to identify the behavior of malware that attacks the network. The results of the analysis carried out are that most malware is spyware, which is lurking user activity and retrieving user data without the user's knowledge. In addition, there is also malware that is adware, which displays advertisements through pop-up windows on computer devices that interfaces with user activity. So that with these results, it can also be identified actions that can be taken by the user to protect his computer device, such as by installing antivirus or antimalware, not downloading unauthorized applications and not accessing unsafe websites.

show abstract

Analysis of Malware Impact on Network Traffic using Behavior-based Detection Technique

Cited by 7 publications

References 14 publications

From Bytes to Insights: A Systematic Literature Review on Unraveling IDS Datasets for Enhanced Cybersecurity Understanding

From Bytes to Insights: A Systematic Literature Review on Unraveling IDS Datasets for Enhanced Cybersecurity Understanding

Botnet Detection Using Independent Component Analysis

Impact Analysis of Malware Based on Call Network API With Heuristic Detection Method

Contact Info

Product

Resources

About