RAT-based malicious activities detection on enterprise internal networks

Yamada, Masahiro; Morinaga, Masanobu; Unno, Yuki; Torii, Shuki; Takenaka, Masahiko

doi:10.1109/icitst.2015.7412113

Cited by 13 publications

(4 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In contrast with conventional Trojans, RATs have the capability to provide unauthorized access and control over a system through remote connections, without the host's knowledge (Yamada et al, 2015). This article will focus on the complexity of RATs aiming to identify files infected with them by relying on the texture derived from the transformation of executables into images.…”

Section: Theoretical Notions About Remote Access Trojans (Rats)mentioning

confidence: 99%

Remote Access Trojans Detection Using Convolutional and Transformer-based Deep Learning Techniques

FLOROIU,

NIGA

et al. 2024

ROCYS

View full text Add to dashboard Cite

In recent years, the cybersecurity landscape has been marked by an increased focus on malware attacks, specifically on Trojan-type malware attack that poses a significant threat to Windows and Linux operating systems. This threat underscores the necessity for proactive prevention measures. The present study employs intelligent algorithms to detect malware, with a specific focus on identifying Remote Access Trojans (RATs). RATs are chosen for examination due to their persistent evolution, their increased number of attacks in the last period and, also, their discreet operation within executable files. The dataset for the algorithms is created by computing texture images over a large number of executable files infected with RATs. Various machine learning models, including VGG-16, VGG-19, and ResNet50, are explored for their effectiveness in identifying malicious programs. Additionally, this research delves into transformer architectures, such as the Vision Transformer (ViT), particularly in image classification tasks. Emphasizing the importance of integrating advanced machine learning techniques into cybersecurity efforts, this study aims to strengthen defense mechanisms against evolving cyber threats. Ongoing research is directed towards refining model performance and validating findings across diverse malware datasets.

show abstract

Section: Theoretical Notions About Remote Access Trojans (Rats)mentioning

confidence: 99%

Remote Access Trojans Detection Using Convolutional and Transformer-based Deep Learning Techniques

FLOROIU,

NIGA

et al. 2024

ROCYS

View full text Add to dashboard Cite

show abstract

“…To detect RAT with high accuracy, it is necessary to study and analyze every behaviour of the RAT. As mentioned in [35], most existing RATs have the functions of the killing process, editing registry, searching file, executing program, uploading files, sustaining connection and so on. By analyzing these functions from the perspective of detection, it can be found that the behaviours of killing process, editing registry and searching file can be detected by using appropriate host-side features because the execution of these functions left more traces on the host than on the network.…”

Section: Host-side and Network-side Detectionsmentioning

confidence: 99%

PRATD: A Phased Remote Access Trojan Detection Method with Double-Sided Features

et al. 2020

View full text Add to dashboard Cite

Remote Access Trojan (RAT) is one of the most terrible security threats that organizations face today. At present, two major RAT detection methods are host-based and network-based detection methods. To complement one another’s strengths, this article proposes a phased RATs detection method by combining double-side features (PRATD). In PRATD, both host-side and network-side features are combined to build detection models, which is conducive to distinguishing the RATs from benign programs because that the RATs not only generate traffic on the network but also leave traces on the host at run time. Besides, PRATD trains two different detection models for the two runtime states of RATs for improving the True Positive Rate (TPR). The experiments on the network and host records collected from five kinds of benign programs and 20 famous RATs show that PRATD can effectively detect RATs, it can achieve a TPR as high as 93.609% with a False Positive Rate (FPR) as low as 0.407% for the known RATs, a TPR 81.928% and FPR 0.185% for the unknown RATs, which suggests it is a competitive candidate for RAT detection.

show abstract

“…Yamada et al [15] presented an approach for raising alarms for hosts with reconnaissance in their network pattern activities, which compromise other hosts using administrative network protocols. Wu et al [16] introduced a framework for detecting RAT bots at the network gateway.…”

Section: Related Workmentioning

confidence: 99%

“…On the other hand, successful detection of infection resulted from the botminer framework [14] needs a large number of infected machines in the same network while the proposed collaborative framework gets over this requirement by using heuristic and machine learning techniques to detect even one infected machine in the monitored network. For the competitive framework in [15], a RAT botnet is detected by analyzing the network traffic to get specific management protocol commands for botnet detection. This could limit the detection capabilities specifically for RAT bots that do not use such types of commands.…”

Section: A Comparison With Competitive Adversarial Frameworkmentioning

confidence: 99%

Collaborative Framework for Early Detection of RAT-Bots Attacks

2019

View full text Add to dashboard Cite

Attackers tend to use Remote Access Trojans (RATs) to compromise and control a targeted computer, which makes the RAT detection as an active research field. This paper introduces a machine learning-based framework for detecting compromised hosts and networks that are infected by the RAT-Bots. The proposed framework consists of two agents that are integrated to achieve reliable early detection of the RAT-bots. The first agent, the host agent, is responsible for monitoring the system behavior of the running host and raising an alarm for any anomalies. The second agent, the network agent, monitors the network traffic to extract any malicious patterns. The integrated approach improves both the detection ratio and accuracy. However, each approach cannot separately achieve the same performance as the proposed RAT-Bots detection framework. The performance of the introduced framework is evaluated by using real-world benchmark datasets. The experimental results show that the proposed approach can achieve an accuracy of 98.83% with 1.45% false positive rate.

show abstract

RAT-based malicious activities detection on enterprise internal networks

Cited by 13 publications

References 8 publications

Remote Access Trojans Detection Using Convolutional and Transformer-based Deep Learning Techniques

Remote Access Trojans Detection Using Convolutional and Transformer-based Deep Learning Techniques

PRATD: A Phased Remote Access Trojan Detection Method with Double-Sided Features

Collaborative Framework for Early Detection of RAT-Bots Attacks

Contact Info

Product

Resources

About