Feature selection in network-level behavioural analysis studies is used to represent the network datasets of a monitored space. However, recent studies have shown that current behavioural analysis methods at the network level have several issues. The reduction of millions of instances, disregarded parameters, the removal of similarities between most traffic flows to reduce information noise, an insufficient number of optimised features, and the ignoring of instances which are not an entity have been identified as the main issues contributing to the inability to predict zero-day attacks. Therefore, this paper aims to select the optimal features that will improve prediction and behavioural analysis. The training dataset will be trained using an embedded feature selection method which incorporates both the filter and the wrapper method. The correlation coefficient, r, and a weighted score, w_j, will be used. The accepted (selected) features will be optimised using Beta distribution functions, β, to find their maximum likelihood, l_max. The final selected features will be trained with a Bayesian Network classifier and tested on several testing datasets. Finally, this method was compared with several other feature selection methods. The final results show that the proposed selection method consistently outperforms the other methods across the test datasets.
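The abstract above describes a filter step (correlation of each feature with the label) followed by a Beta-distribution maximum-likelihood fit of the retained features. The following Python block is an added illustration of that pipeline and is not the paper's code. Everything the abstract leaves unspecified is an assumption here: the dataset is constructed, features are ranked by |r| alone (the paper's weighted score w_j is not defined in the abstract, so it is omitted), the selection threshold is arbitrary, features are min-max scaled into (0,1) before fitting, and the Beta maximum likelihood is found by a simple coordinate ascent started from a method-of-moments estimate.

```python
import math
import random

# Constructed sample data (not from the paper): three numeric flow features and
# a binary label. f0 tracks the label strongly, f1 is noise, f2 is weakly related.
def make_dataset(n=400, seed=1):
    rng = random.Random(seed)
    rows, labels = [], []
    for _ in range(n):
        y = rng.random() < 0.5
        f0 = (0.7 if y else 0.3) + rng.gauss(0, 0.15)
        f1 = rng.random()
        f2 = (0.55 if y else 0.45) + rng.gauss(0, 0.25)
        rows.append({"f0": f0, "f1": f1, "f2": f2})
        labels.append(1 if y else 0)
    return rows, labels

def pearson_r(xs, ys):
    """Pearson correlation coefficient r between a feature and the label."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)

def scale_unit_interval(xs, eps=1e-6):
    """Assumed pre-processing: min-max scale into the open interval (0,1)."""
    lo, hi = min(xs), max(xs)
    span = hi - lo if hi > lo else 1.0
    return [min(max((x - lo) / span, eps), 1 - eps) for x in xs]

def beta_loglik(xs, a, b):
    """Log-likelihood of samples xs in (0,1) under Beta(a, b)."""
    ln_beta = math.lgamma(a) + math.lgamma(b) - math.lgamma(a + b)
    return sum((a - 1) * math.log(x) + (b - 1) * math.log1p(-x) for x in xs) - len(xs) * ln_beta

def fit_beta_mle(xs, iters=500):
    """Maximum-likelihood Beta fit: method-of-moments start, then coordinate
    ascent with a shrinking step (an assumed optimiser, chosen for clarity).
    Returns (alpha, beta, l_max)."""
    n = len(xs)
    m = sum(xs) / n
    v = sum((x - m) ** 2 for x in xs) / n
    common = m * (1 - m) / v - 1 if v > 0 else 1.0
    a, b = max(m * common, 1e-3), max((1 - m) * common, 1e-3)
    best, step = beta_loglik(xs, a, b), 0.5
    for _ in range(iters):
        improved = False
        for da, db in ((step, 0), (-step, 0), (0, step), (0, -step)):
            na, nb = a + da, b + db
            if na <= 0 or nb <= 0:
                continue
            ll = beta_loglik(xs, na, nb)
            if ll > best:
                a, b, best, improved = na, nb, ll, True
        if not improved:
            step /= 2
            if step < 1e-6:
                break
    return a, b, best

def synthetic_beta_sample(alpha, beta, n=3000, seed=0):
    """Constructed Beta-distributed sample, clipped into (0,1) for the log terms."""
    rng = random.Random(seed)
    return [min(max(rng.betavariate(alpha, beta), 1e-9), 1 - 1e-9) for _ in range(n)]

def select_and_fit(rows, labels, threshold=0.3):
    """Filter step (|r| >= threshold, an assumed cut-off) followed by a Beta MLE
    fit of each retained feature; returns per-feature r, alpha, beta and l_max."""
    ys = [float(y) for y in labels]
    result = {}
    for name in rows[0]:
        xs = [row[name] for row in rows]
        r = pearson_r(xs, ys)
        if abs(r) >= threshold:
            a, b, l_max = fit_beta_mle(scale_unit_interval(xs))
            result[name] = {"r": r, "alpha": a, "beta": b, "l_max": l_max}
    return result

if __name__ == "__main__":
    rows, labels = make_dataset()
    for name, stats in select_and_fit(rows, labels).items():
        print(name, {k: round(val, 3) for k, val in stats.items()})
```

On the constructed data only f0 survives the correlation filter; the fitted (alpha, beta) pair and l_max for each retained feature are what a downstream Bayesian Network classifier would consume as the feature's distribution. The threshold, scaling and optimiser are all choices a practitioner would revisit against the real dataset.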
The Trusted Computing Group (TCG) has introduced the Trusted Platform Module (TPM) as a solution to assure end users of their privacy and confidentiality. Although the TPM is designed to prevent software attacks, the TPM itself is vulnerable to physical attacks that could enable intruders to gain access to confidential data. In general, the TPM provides an ID and implements a password identification technique to prevent unauthorized users from gaining access to the TPM. The TPM user authentication is carried out by the TPM itself, which exposes the TPM to direct risk, as highly skilled intruders can break the authentication line of defence and gain access to the TPM. The process of encrypting and decrypting information, especially when asymmetric algorithms are used, is viewed as a process that consumes time and resources, which decreases the speed of the computer. In order to solve these problems, a TPM User Authentication Model (TPM-UAM) that can provide the TPM with a higher level of security and resistance against physical attacks was proposed in our previous research paper (Alshar'e et al., 2014). The technique is based on biometric authentication to prove the identity of the users and to allow the process of authentication to happen on an independent platform using virtualization, which keeps the TPM out of reach until a user is completely verified and approved. The TPM-UAM is able to provide a more satisfactory level of confidence for data and processes that can be rated as highly confidential and private. The model was successfully developed and tested; the results confirmed the model's efficiency and its ability to secure the TPM, and all functions were confirmed to be working according to their design.
This paper describes the design and implementation of the TPM-UAM system based on the proposed authentication model. Virtualization has been implemented to create an authentication platform that prevents direct interaction with the TPM, and biometrics has been implemented to verify identities and supervise the running TPM. The system testing results confirm the system's functionality and its ability to secure and protect the TPM.
Malware can be defined as malicious software that infiltrates a network and computer host in a variety of ways, from software flaws to social engineering. Due to the polymorphic and stealthy nature of malware attacks, a signature-based analysis that is done statically is no longer sufficient to solve such a problem. Therefore, a behavioral or anomaly-based analysis will provide a more dynamic approach to the solution. However, recent studies have shown that current behavioral methods at the network level have several issues, such as the inability to predict zero-day attacks, high-level assumptions, non-inferential analysis and performance issues. Other than the performance issues, this study has identified common scientific characteristics that cause the problems: a reduced parameter set, θ, and a lack of a priori information, p(θ). Previous methods were proposed to address the problem but were still unable to resolve these stated scientific shortcomings. Given these shortcomings, the Bayesian Network, in terms of its probabilistic modeling, would be the best method to deal with the stated problems, as has also been proven in the areas of Clinical Expert Systems, Artificial Intelligence, and Pattern Recognition. This study critically reviews the predictive analytic applications of the Bayesian Network model in different research domains, such as Clinical Expert Systems, Artificial Intelligence, and Pattern Recognition, and explores any potential approach available in the domain of Computer Networks. Based on the review, this paper has identified several Bayesian Network properties which have been used to overcome the abovementioned problems. Those properties will be applied in future studies to model Behavioral Malware Predictive Analytics.