Applying Machine Learning Techniques for Detection of Malicious Code in Network Traffic

Authors:
Yuval Elovici;Asaf Shabtai;Robert Moskovitch;Gil Tahan;Chanan Glezer
Affiliations:
Deutsche Telekom Laboratories at Ben-Gurion University, Be'er Sheva, 84105, Israel;Deutsche Telekom Laboratories at Ben-Gurion University, Be'er Sheva, 84105, Israel;Deutsche Telekom Laboratories at Ben-Gurion University, Be'er Sheva, 84105, Israel;Deutsche Telekom Laboratories at Ben-Gurion University, Be'er Sheva, 84105, Israel;Deutsche Telekom Laboratories at Ben-Gurion University, Be'er Sheva, 84105, Israel
Venue:
KI '07 Proceedings of the 30th annual German conference on Advances in Artificial Intelligence
Year:
2007

Citing 7
Cited 5

Fusion, propagation, and structuring in belief networks

Artificial Intelligence
C4.5: programs for machine learning

C4.5: programs for machine learning
Neural Networks for Pattern Recognition

Neural Networks for Pattern Recognition
An Empirical Comparison of Voting Classification Algorithms: Bagging, Boosting, and Variants

Machine Learning
Data Mining Methods for Detection of New Malicious Executables

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Learning to detect malicious executables in the wild

Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
N-Gram-Based Detection of New Malicious Code

COMPSAC '04 Proceedings of the 28th Annual International Computer Software and Applications Conference - Workshops and Fast Abstracts - Volume 02

An FSM-Based Approach for Malicious Code Detection Using the Self-Relocation Gene

ICIC '08 Proceedings of the 4th international conference on Intelligent Computing: Advanced Intelligent Computing Theories and Applications - with Aspects of Theoretical and Methodological Issues
Towards early warning systems: challenges, technologies and architecture

CRITIS'09 Proceedings of the 4th international conference on Critical information infrastructures security
Practical experiences with purenet, a self-learning malware prevention system

iNetSec'10 Proceedings of the 2010 IFIP WG 11.4 international conference on Open research problems in network security
A Decision Support System for Placement of Intrusion Detection and Prevention Devices in Large-Scale Networks

ACM Transactions on Modeling and Computer Simulation (TOMACS)
Mal-ID: automatic malware detection using common segment analysis and meta-features

The Journal of Machine Learning Research

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Early Detection, Alert and Response (eDare) system is aimed at purifying Web traffic propagating via the premises of Network Service Providers (NSP) from malicious code. To achieve this goal, the system employs powerful network traffic scanners capable of cleaning traffic from known malicious code. The remaining traffic is monitored and Machine Learning (ML) algorithms are invoked in an attempt to pinpoint unknown malicious code exhibiting suspicious morphological patterns. Decision trees, Neural Networks and Bayesian Networks are used for static code analysis in order to determine whether a suspicious executable file actually inhabits malicious code. These algorithms are being evaluated and preliminary results are encouraging.