Local Statistic Embedding for Malware Behaviour Modelling

Kozik, Rafał; Choraś, Michał

doi:10.1007/978-3-319-23814-2_30

Rafał Kozik¹⁵ &
Michał Choraś¹⁵

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 389))

719 Accesses

Abstract

In this paper we have presented the preliminary results of the methods of malware detection on the basis of the analysis of network volume properties. The main contribution of our research is the new approach to enrich aggregated features, collected from network flow analysis, with so called local statistics that capture the properties of vectors located in the nearest neighbourhood. Our analyses are conveyed on real-life network samples.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 129.00; Price excludes VAT (USA)

Softcover Book: USD 169.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Antivirus is dead, says maker of Norton Antivirus http://www.pcworld.com/article/2150743/antivirus-is-dead-says-maker-of-norton-antivirus.html
Claise, B.: Cisco Systems NetFlow Services Export Version 9. RFC 3954 (Informational) (2004)
Google Scholar
Dean, J., Ghemawat, S.: MapReduce: simplified data processing on large clusters. In: Symposium on Opearting Systems Design and Implementation (OSDI). USENIX Association (2004)
Google Scholar
Francis, J., Wang, S., State, R., Engel, T.: Bottrack: tracking botnets using netflow and pagerank. In: Proceedings of IFIP/TC6 Networking (2011)
Google Scholar
Garcia, S., Grill, M., Stiborek, H., Zunino, A.: An empirical comparison of botnet detection methods. Comput. Secur. J. Elsevier 45, 100–123 (2014)
Google Scholar
Kong, D., Jhi, Y.C., Gong, T., Zhu, S., Liu, P., Xi, H.: SAS: semantics aware signature generation for polymorphic worm detection. Int. J. Inf. Secur. 10(5), 269–283 (2011)
Article Google Scholar
Lakhina, A., Crovella, M., Diot, C.: Diagnosing network-wide traffic anomalies. ACM SIGCOMM Comput. Commun. Rev. 34, 357–374 (2004)
Article Google Scholar
Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. ACM SIGCOMM Comput. Commun. Rev. 35, 217–228 (2005)
Article Google Scholar
New Havex malware variants target industrial control system and SCADA users. http://www.pcworld.com/article/2367240/new-havex-malware-variants-target-industrial-control-system-and-scada-users.html
SNORT. Project homepage. http://www.snort.org/

Download references

Author information

Authors and Affiliations

Institute of Telecommunications and Computer Science, UTP University of Science and Technology in Bydgoszcz, Bydgoszcz, Poland
Rafał Kozik & Michał Choraś

Authors

Rafał Kozik
View author publications
You can also search for this author in PubMed Google Scholar
Michał Choraś
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rafał Kozik .

Editor information

Editors and Affiliations

Bydgoszcz, Poland
Ryszard S. Choraś

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kozik, R., Choraś, M. (2016). Local Statistic Embedding for Malware Behaviour Modelling. In: Choraś, R. (eds) Image Processing and Communications Challenges 7. Advances in Intelligent Systems and Computing, vol 389. Springer, Cham. https://doi.org/10.1007/978-3-319-23814-2_30

Download citation

DOI: https://doi.org/10.1007/978-3-319-23814-2_30
Published: 15 October 2015
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23813-5
Online ISBN: 978-3-319-23814-2
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics