Towards Fingerprinting Malicious Traffic
Abstract
The primary intent of this paper is to detect malicious traffic at the network level. To this end, we apply several machine learning techniques to build classifiers that fingerprint maliciousness in IP traffic. Specifically, the J48, Naïve Bayesian, SVM and Boosting algorithms are used to classify malware communications generated by a dynamic malware analysis framework. The generated traffic log files are pre-processed in order to extract features that characterize malicious packets, and the data mining algorithms are applied to these features. A comparison of the results of the different algorithms shows that J48 and Boosted J48 performed better than the other algorithms. We obtained a detection rate of 99 % of malicious traffic with a false positive rate of less than 1 % for the J48 and Boosted J48 algorithms. Additional tests show that our model can also detect malicious traffic obtained from different sources.
