Machine learning for network-based malware detection

Matija Stevanovic

Publication: Book/anthology/thesis/report › Ph.D. thesis › Research

Abstract

This thesis explores how network traffic analysis can be used for accurate and efficient detection of malware network activity. The thesis focuses on botnet detection by devising novel detection approaches that identify malware network activity at different points in the network and that are based on different, mutually complementary, principles of traffic analysis. The proposed approaches rely on machine learning algorithms (MLAs) for automated and resource-efficient identification of the patterns of malicious network traffic. We evaluated the proposed methods extensively using traffic traces from honeypots and malware testing environments as well as from operational ISP networks. Based on this evaluation, the novel detection methods provide accurate and efficient identification of malicious network traffic and are therefore promising candidates for operational deployment. Furthermore, the thesis provides an overview of some of the biggest challenges of using MLAs to identify malicious network activity. The challenge specifically addressed by the thesis is the "ground truth" problem, for which we propose a novel labeling approach that obtains ground truth on agile DNS traffic in a reliable and time-efficient manner. Finally, the thesis outlines opportunities for future work on realizing robust and effective detection solutions.

Original language: English
Publisher: Aalborg Universitetsforlag
Number of pages: 245
ISBN (electronic): 978-87-7112-490-3
DOI: 10.5278/vbn.phd.engsci.00088
Status: Published - 2016
Series: Ph.d.-serien for Det Teknisk-Naturvidenskabelige Fakultet, Aalborg Universitet
ISSN: 2246-1248

Fingerprint

Learning systems
Labeling
Learning algorithms
Testing
Malware
Botnet

Cite this

Stevanovic, M. (2016). Machine learning for network-based malware detection. Aalborg Universitetsforlag. Ph.d.-serien for Det Teknisk-Naturvidenskabelige Fakultet, Aalborg Universitet. https://doi.org/10.5278/vbn.phd.engsci.00088