Practical In-Depth Analysis of IDS Alerts for Tracing and Identifying Potential Attackers on Darknet

Song, Jungsuk; Lee, Youn-Su; Choi, Jangwon; Gil, Joon‐Min; Han, Jaekyung; Choi, Sang-Soo

doi:10.3390/su9020262

Cited by 9 publications

(4 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this section, we are going to discuss some of the previous works that applied machine learning in malware analysis. Machine learning has been successfully applied to the identification and detection of malware [9,10]. It was shown in [11] that machine learning can also be used to characterize malware families.…”

Section: Related Workmentioning

confidence: 99%

An Ensemble-Based Malware Detection Model Using Minimum Feature Set

Zelinka

Amer²

2019

mendel

View full text Add to dashboard Cite

Current commercial antivirus detection engines still rely on signature-based methods. However, with the huge increase in the number of new malware, current detection methods become not suitable. In this paper, we introduce a malware detection model based on ensemble learning. The model is trained using the minimum number of signification features that are extracted from the file header. Evaluations show that the ensemble models slightly outperform individual classification models. Experimental evaluations show that our model can predict unseen malware with an accuracy rate of 0.998 and with a false positive rate of 0.002. The paper also includes a comparison between the performance of the proposed model and with different machine learning techniques. We are emphasizing the use of machine learning based approaches to replace conventional signature-based methods.

show abstract

Section: Related Workmentioning

confidence: 99%

An Ensemble-Based Malware Detection Model Using Minimum Feature Set

Zelinka

Amer²

2019

mendel

View full text Add to dashboard Cite

show abstract

“…Extensive research has been proposed and new research is still performed regarding the provision of solutions for malware detection systems [13,14]. For instance, in the case of known malware, content signatures-based methods that map samples of activities against known malware have been proposed [15,16].…”

Section: Related Workmentioning

confidence: 99%

Cross-Method-Based Analysis and Classification of Malicious Behavior by API Calls Extraction

Bruce¹,

Kim

Kang

et al. 2019

Applied Sciences

View full text Add to dashboard Cite

Data-driven public security networking and computer systems are always under threat from malicious codes known as malware; therefore, a large amount of research and development is taking place to find effective countermeasures. These countermeasures are mainly based on dynamic and statistical analysis. Because of the obfuscation techniques used by the malware authors, security researchers and the anti-virus industry are facing a colossal issue regarding the extraction of hidden payloads within packed executable extraction. Based on this understanding, we first propose a method to de-obfuscate and unpack the malware samples. Additional, cross-method-based big data analysis to dynamically and statistically extract features from malware has been proposed. The Application Programming Interface (API) call sequences that reflect the malware behavior of its code have been used to detect behavior such as network traffic, modifying a file, writing to stderr or stdout, modifying a registry value, creating a process. Furthermore, we include a similarity analysis and machine learning algorithms to profile and classify malware behaviors. The experimental results of the proposed method show that malware detection accuracy is very useful to discover potential threats and can help the decision-maker to deploy appropriate countermeasures.

show abstract

“…Targeted attacks and threats such as malware and botnets cause great damage to the community in different factors, such as financial loss or health loss. Significant research has been conducted in which researchers have proposed different Intrusion Detection Systems (IDS) to mitigate the risk of malicious intrusion attacks [2]. Now, the data can be extracted easily from information retrieval models as well as information extraction of any kind [3,4].…”

Section: Introductionmentioning

confidence: 99%

Real-Time DDoS Attack Detection System Using Big Data Approach

et al. 2021

View full text Add to dashboard Cite

Currently, the Distributed Denial of Service (DDoS) attack has become rampant, and shows up in various shapes and patterns, therefore it is not easy to detect and solve with previous solutions. Classification algorithms have been used in many studies and have aimed to detect and solve the DDoS attack. DDoS attacks are performed easily by using the weaknesses of networks and by generating requests for services for software. Real-time detection of DDoS attacks is difficult to detect and mitigate, but this solution holds significant value as these attacks can cause big issues. This paper addresses the prediction of application layer DDoS attacks in real-time with different machine learning models. We applied the two machine learning approaches Random Forest (RF) and Multi-Layer Perceptron (MLP) through the Scikit ML library and big data framework Spark ML library for the detection of Denial of Service (DoS) attacks. In addition to the detection of DoS attacks, we optimized the performance of the models by minimizing the prediction time as compared with other existing approaches using big data framework (Spark ML). We achieved a mean accuracy of 99.5% of the models both with and without big data approaches. However, in training and testing time, the big data approach outperforms the non-big data approach due to that the Spark computations in memory are in a distributed manner. The minimum average training and testing time in minutes was 14.08 and 0.04, respectively. Using a big data tool (Apache Spark), the maximum intermediate training and testing time in minutes was 34.11 and 0.46, respectively, using a non-big data approach. We also achieved these results using the big data approach. We can detect an attack in real-time in few milliseconds.

show abstract

Practical In-Depth Analysis of IDS Alerts for Tracing and Identifying Potential Attackers on Darknet

Cited by 9 publications

References 20 publications

An Ensemble-Based Malware Detection Model Using Minimum Feature Set

An Ensemble-Based Malware Detection Model Using Minimum Feature Set

Cross-Method-Based Analysis and Classification of Malicious Behavior by API Calls Extraction

Real-Time DDoS Attack Detection System Using Big Data Approach

Contact Info

Product

Resources

About