Abstract
In this paper we present preliminary results of malware detection methods based on the analysis of network volume properties. The main contribution of our research is a new approach that enriches aggregated features, collected from network flow analysis, with so-called local statistics that capture the properties of vectors located in the nearest neighbourhood. Our analyses are conducted on real-life network samples.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Kozik, R., Choraś, M. (2016). Local Statistic Embedding for Malware Behaviour Modelling. In: Choraś, R. (eds) Image Processing and Communications Challenges 7. Advances in Intelligent Systems and Computing, vol 389. Springer, Cham. https://doi.org/10.1007/978-3-319-23814-2_30
DOI: https://doi.org/10.1007/978-3-319-23814-2_30
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23813-5
Online ISBN: 978-3-319-23814-2
eBook Packages: Engineering (R0)