Pre-filters in-transit malware packets detection in the network
| Main Authors: | Khammas, Ban Mohammed (AL-Nahrain University); Ismail, Ismahani (Universiti Teknologi Malaysia); Marsono, M. N. (Universiti Teknologi Malaysia) |
|---|---|
| Format: | Article info application/pdf eJournal |
| Language: | eng |
| Published: | Universitas Ahmad Dahlan, 2019 |
| Subjects: | |
| Online Access: | http://journal.uad.ac.id/index.php/TELKOMNIKA/article/view/12065 http://journal.uad.ac.id/index.php/TELKOMNIKA/article/view/12065/pdf_1150 |
Contents:
- Conventional malware detection systems cannot detect most new malware in the network unless its signatures are available. To solve this problem, this paper proposes a technique to detect both metamorphic (mutated) malware and general (non-mutated) malware in the network using a combination of known malware sub-signatures and machine learning classification. This network-based malware detection is achieved through a middle path for efficient processing of non-malware packets. The proposed technique has been tested and verified using multiple data sets (metamorphic malware, non-mutated malware, and UTM real traffic). It can detect most malware packets in the network before they reach the host, better than previous works, which detect malware at the host. Experimental results showed that the proposed technique can speed up the transmission of more than 98% of normal packets without sending them to the slow path, and more than 97% of malware packets are detected and dropped in the middle path. Furthermore, more than 75% of metamorphic malware packets in the test dataset could be detected. The proposed technique is 37 times faster than the existing technique.
