Skip to main content
SpringerLink
Log in
Book cover

Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing 2012 pp 1–11Cite as

Evaluation of Secular Changes in Statistical Features of Traffic for the Purpose of Malware Detection

  • Conference paper

Part of the book series: Studies in Computational Intelligence ((SCI,volume 443))

Abstract

Applications and malware affecting them are dramatically changing. It isn’t certain whether the currently used features can classify normal traffic or malware traffic correctly. In this paper, we evaluated the features used in previous studies while taking into account secular changes to classify normal traffic into the normal category and anomalous traffic into the anomalous category correctly. A secular change in this study is a difference in a feature between the date the training data were caputred and the date the test data were captured in the same circumstance. The evaluation is based on the Euclidean distance between the normal codebook or anomalous codebook made by vector quantization and the test data. We report on what causes these secular changes and which features with little or no secular change are effective for malware detection.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Internetthreatmonthlyreport (May 2011), http://ip.trendmicro.com/jp/threat/security_news/monthlyreport/article/20110602082147.html

  2. Fujiwara, M., Terada, M., Abe, T., Kikuchi, H.: Study for the classification of malware by infectionactivities. In: IPSJCSEC, vol. 21, pp. 177–182 (March 2008) (in Japanese)

    Google Scholar 

  3. Ichino, M., Sakano, H., Komatsu, N.: Speaker Recognition Using Kernel Mutual Sbuspace Method, Thetransactions of the Institute of Electronics. Information and Communication Engineers 88(8), 1331–1338 (2005)

    Google Scholar 

  4. Karamcheti, V., Geiger, D., Kedem, Z., Muthukrishan, S.M.: Detecting malicious network traffic usinginverse distributions of packet contents. In: The ACM SIGCOMM Workshop on Mining Network Data, pp. 165–170 (2005)

    Google Scholar 

  5. Hatada, M., Nakatsuru, I., Akiyama, M.: Datasets for Anti-Malware Resarrch-MWS2011Datases-, MWS2011 (October 2011) (in Japanese)

    Google Scholar 

  6. Sato, Y., Waizumi, Y., Nemoto, Y.: Improving Accuracy of Network-basedanomalous Detection Using Multiple Detection Modules. Technical Commiteeon Network Systems (2004) (in Japanese)

    Google Scholar 

  7. Hiramatsu, N., Waizumi, Y., Tsunoda, H., Nemoto, Y.: Using Multiple Normal States for Network Anomaly Detection. In: IEICE (2006) (in Japanese)

    Google Scholar 

  8. Kugisaki, Y., Kasahara, Y., Hori, Y., Sakurai, K.: Study for botnet detection based on behavior observation of datatransmission interval. In: SCIS (2009) (in Japanese)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Graduate School of Fundamental Science and Engineering, Waseda University, Tokyo, Japan

    Kenji Kawamoto & Jiro Katto

  2. University of Electoro-Communications, Tokyo, Japan

    Masatsugu Ichino, Yusuke Otsuki & Hiroshi Yoshiura

  3. NTT Communications Corporation, Tokyo, Japan

    Mitsuhiro Hatada

Authors
  1. Kenji Kawamoto
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Masatsugu Ichino
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mitsuhiro Hatada
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yusuke Otsuki
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Hiroshi Yoshiura
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Jiro Katto
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kenji Kawamoto .

Editor information

Editors and Affiliations

  1. Software Engineering & Information, Technology Institute, Central Michigan University, Mt. Pleasant, 48859, USA

    Roger Lee

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kawamoto, K., Ichino, M., Hatada, M., Otsuki, Y., Yoshiura, H., Katto, J. (2013). Evaluation of Secular Changes in Statistical Features of Traffic for the Purpose of Malware Detection. In: Lee, R. (eds) Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing 2012. Studies in Computational Intelligence, vol 443. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32172-6_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-32172-6_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32171-9

  • Online ISBN: 978-3-642-32172-6

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation