
Pre-filters in-transit malware packets detection in the network

Journal from gdlhub / 2019-06-25 10:48:44
By : Ban Mohammed Khammas, Ismahani Ismail, M. N. Marsono, Telkomnika
Created : 2019-06-25, with 1 file

Keyword : malware detection, middle path, network security, SVM
Url : http://journal.uad.ac.id/index.php/TELKOMNIKA/article/view/12065
Document source : WEB

Conventional malware detection systems cannot detect most new malware in the network when its signatures are not available. To solve this problem, this paper proposes a technique to detect both metamorphic (mutated) malware and general (non-mutated) malware in the network using a combination of known malware sub-signatures and machine learning classification. This network-based malware detection is achieved through a middle path for efficient processing of non-malware packets. The proposed technique has been tested and verified using multiple data sets (metamorphic malware, non-mutated malware, and UTM real traffic). It can detect most malware packets in the network before they reach the host, better than previous works, which detect malware at the host. Experimental results showed that the proposed technique can speed up the transmission of more than 98% of normal packets without sending them to the slow path, and that more than 97% of malware packets are detected and dropped in the middle path. Furthermore, more than 75% of metamorphic malware packets in the test dataset could be detected. The proposed technique is 37 times faster than the existing technique.


Property : Property Value
Publisher ID : gdlhub
Organization : Telkomnika
Contact Name : Herti Yani, S.Kom
Address : Jln. Jenderal Sudirman
City : Jambi
Region : Jambi
Country : Indonesia
Phone : 0741-35095
Fax : 0741-35093
Administrator E-mail : elibrarystikom@gmail.com
CKO E-mail : elibrarystikom@gmail.com


Contributors :

  • Editor: sustriani
