Evaluation of secular changes in statistical features of traffic for the purpose of malware detection

Kenji Kawamoto, Masatsugu Ichino, Mitsuhiro Hatada, Yusuke Otsuki, Hiroshi Yoshiura, Jiro Katto

Research output: Conference contribution

1 Citation (Scopus)

Abstract

Applications and malware affecting them are dramatically changing. It isn't certain whether the currently used features can classify normal traffic or malware traffic correctly. In this paper, we evaluated the features used in previous studies while taking into account secular changes to classify normal traffic into the normal category and anomalous traffic into the anomalous category correctly. A secular change in this study is a difference in a feature between the date the training data were captured and the date the test data were captured in the same circumstance. The evaluation is based on the Euclidean distance between the normal codebook or anomalous codebook made by vector quantization and the test data. We report on what causes these secular changes and which features with little or no secular change are effective for malware detection.

Original language: English
Title of host publication: Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing 2012
Publisher: Springer Verlag
Pages: 1-11
Number of pages: 11
ISBN (Print): 9783642321719
DOI
Publication status: Published - 2013 1 1

Publication series

Name: Studies in Computational Intelligence
Volume: 443
ISSN (Print): 1860-949X

ASJC Scopus subject areas

  • Artificial Intelligence
