There are three IPv4/IPv6 transition mechanisms: Dual Stack, Tunneling, and Translation. Among them, tunneling may be misused by malicious code to evade a firewall or intrusion detection system. This study discusses a methodology that classifies normal and malicious traffic in an IPv4/IPv6 tunneling environment using the Naive Bayes classifier, which shows excellent performance in text categorization. In general, Internet worms and remote attack scripts contain certain features, that is, signatures or machine instructions. A network packet can be regarded as a kind of general document. Accordingly, the Naive Bayes classifier can be used for network traffic analysis. This study presents a method that can detect new forms of malicious code in an IPv4/IPv6 transition environment by applying the Naive Bayes classifier, and it can be effectively applied to encapsulated packets.
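The packet-as-document idea above, sketched as an added example that is not code from the paper: the inner payload of a tunnelled packet is split into byte n-grams and scored with a multinomial Naive Bayes model. The choice of 6in4 encapsulation (IPv4 protocol 41), 3-byte n-grams, add-one smoothing, all function names and the training samples are assumptions made for illustration.

```python
import math
import struct
from collections import Counter

def inner_payload(pkt: bytes) -> bytes:
    """Bytes carried inside a 6in4 packet (IPv4 protocol 41); b'' if not tunnelled."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return b""
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 41 or len(pkt) < ihl + 40 or pkt[ihl] >> 4 != 6:
        return b""
    plen = struct.unpack("!H", pkt[ihl + 4:ihl + 6])[0]
    return pkt[ihl + 40:ihl + 40 + plen]  # assumption: no IPv6 extension headers

def ngrams(data: bytes, n: int = 3):
    """Overlapping byte n-grams play the role of words in a document."""
    return [data[i:i + n] for i in range(len(data) - n + 1)]

class NaiveBayes:
    """Multinomial Naive Bayes with add-one (Laplace) smoothing."""
    def __init__(self):
        self.grams, self.docs, self.vocab = {}, Counter(), set()

    def train(self, label: str, payload: bytes):
        g = ngrams(payload)
        self.grams.setdefault(label, Counter()).update(g)
        self.docs[label] += 1
        self.vocab.update(g)

    def classify(self, payload: bytes) -> str:
        def score(label):
            c = self.grams[label]
            denom = sum(c.values()) + len(self.vocab)
            prior = math.log(self.docs[label] / sum(self.docs.values()))
            return prior + sum(math.log((c[g] + 1) / denom) for g in ngrams(payload))
        return max(self.grams, key=score)

def six_in_four(payload: bytes) -> bytes:
    """Constructed test packet: IPv4 (proto 41) + fixed IPv6 header + raw payload bytes."""
    v6 = struct.pack("!IHBB", 0x60000000, len(payload), 6, 64) + bytes(32)
    v4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60 + len(payload), 0, 0, 64, 41, 0, bytes(4), bytes(4))
    return v4 + v6 + payload

def build_model() -> NaiveBayes:
    """Train on constructed samples; a real deployment needs labelled traffic captures."""
    nb = NaiveBayes()
    for p in (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
              b"GET /news/today.html HTTP/1.1\r\nHost: example.test\r\n\r\n"):
        nb.train("benign", p)
    for p in (b"\x90" * 24 + b"CONSTRUCTED-PAYLOAD-A", b"\x90" * 32 + b"CONSTRUCTED-PAYLOAD-B"):
        nb.train("malicious", p)
    return nb
```

Classification runs on the decapsulated bytes, so an inspection point that only looks at the outer IPv4 header never sees the features the model relies on.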