Q128 : Malware detection using semi-supervised active learning
Thesis > Central Library of Shahrood University > Computer Engineering > MSc > 2018
Authors:
Reza Rahimian [Author], Hoda Mashayekhi [Supervisor], Mohsen Rezvani [Advisor]
Abstract: Nowadays, the Internet has become an indispensable part of people's lives. At the same time, with the dramatic growth of computer networks and infrastructures, and the development of complex, dynamic malware that constantly updates itself, maintaining security and monitoring network traffic is one of the most important requirements of cyberspace. In general, malware can perform actions such as stealing information, sending spam or building a network of bots. Therefore, a method that can effectively detect malware and prevent its penetration will always be needed. In recent years, botnets have been identified as one of the most dangerous kinds of malware on the Internet: they compromise healthy computers and turn them into bots for transmitting viruses, spam and so on. So far, various methods have been developed to identify botnets. Among them, network traffic classification using learning approaches is considered one of the best-known security solutions, given its performance and its capacity for further development. However, detecting botnets with learning methods faces several challenges, including the lack of labeled data and the detection of new botnets. To mitigate these problems, an active learning method can be used, which has received little attention in the field of botnet detection. In this research, a semi-supervised active learning-based approach for detecting botnets is proposed, using an ensemble classifier based on logistic regression, a linear support vector machine and naive Bayes. Training is done interactively, and the system continually updates the classifier models based on the labels requested for the selected samples. In the experiments, we use a data set containing different types of botnets and extract five different feature sets.
The results show the model's efficiency in detecting unseen botnets and a classification accuracy of 89.85.
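To make the interactive training loop described in the abstract concrete, the following is an added illustration written for this page; it is not code from the thesis and does not reproduce its feature sets or data set. It implements pool-based active learning with a committee of the three named classifier types (logistic regression, a linear SVM and Gaussian naive Bayes, all written in plain Python so nothing beyond the standard library is needed). Each round the committee is retrained on the labelled flows, the unlabelled flow on which the members disagree most (tie-broken by logistic-regression uncertainty) is sent to an oracle for a label, and the models are updated. The flow features (`pkts_per_sec`, `mean_pkt_size`, `flow_duration`, `small_pkt_ratio`) and the data generated by `make_flows` are constructed assumptions, as are the query budget and the hyper-parameters.

```python
import math
import random

FEATURES = ["pkts_per_sec", "mean_pkt_size", "flow_duration", "small_pkt_ratio"]


def make_flows(n_per_class, seed=0):
    """Constructed flow-feature vectors (not a real capture). Values are already
    scaled to [0, 1]; benign (0) and botnet (1) flows are drawn around
    different means so the problem is learnable by a linear model."""
    rng = random.Random(seed)
    means = {0: [0.2, 0.8, 0.7, 0.2], 1: [0.8, 0.2, 0.2, 0.8]}
    X, y = [], []
    for label, mean in means.items():
        for _ in range(n_per_class):
            X.append([min(1.0, max(0.0, rng.gauss(m, 0.15))) for m in mean])
            y.append(label)
    return X, y


def dot(w, x):
    return sum(wi * xi for wi, xi in zip(w, x))


class LogisticRegression:
    """Binary logistic regression trained by plain SGD on the log loss."""
    def __init__(self, lr=0.5, epochs=200):
        self.lr, self.epochs = lr, epochs

    def fit(self, X, y):
        self.w, self.b = [0.0] * len(X[0]), 0.0
        for _ in range(self.epochs):
            for x, t in zip(X, y):
                g = self.predict_proba(x) - t          # gradient of log loss w.r.t. z
                self.w = [wi - self.lr * g * xi for wi, xi in zip(self.w, x)]
                self.b -= self.lr * g
        return self

    def predict_proba(self, x):
        z = max(-30.0, min(30.0, dot(self.w, x) + self.b))   # clip to avoid overflow
        return 1.0 / (1.0 + math.exp(-z))

    def predict(self, x):
        return int(self.predict_proba(x) >= 0.5)


class LinearSVM:
    """Linear SVM trained by SGD on the L2-regularised hinge loss; the bias is
    folded in as a constant feature of 1.0."""
    def __init__(self, lr=0.1, lam=0.001, epochs=200):
        self.lr, self.lam, self.epochs = lr, lam, epochs

    def fit(self, X, y):
        self.w = [0.0] * (len(X[0]) + 1)
        for _ in range(self.epochs):
            for x, t in zip(X, y):
                s, xa = (1 if t == 1 else -1), x + [1.0]
                shrink = 1.0 - self.lr * self.lam
                if s * dot(self.w, xa) < 1:                      # inside the margin
                    self.w = [shrink * wi + self.lr * s * xi for wi, xi in zip(self.w, xa)]
                else:
                    self.w = [shrink * wi for wi in self.w]
        return self

    def predict(self, x):
        return int(dot(self.w, x + [1.0]) >= 0)


class GaussianNB:
    """Gaussian naive Bayes with a variance floor so tiny labelled sets do not
    produce degenerate likelihoods."""
    def fit(self, X, y):
        self.stats, d = {}, len(X[0])
        for c in (0, 1):
            rows = [x for x, t in zip(X, y) if t == c]
            mu = [sum(r[j] for r in rows) / len(rows) for j in range(d)]
            var = [max(sum((r[j] - mu[j]) ** 2 for r in rows) / len(rows), 1e-2) for j in range(d)]
            self.stats[c] = (math.log(len(rows) / len(X)), mu, var)
        return self

    def log_posterior(self, x, c):
        prior, mu, var = self.stats[c]
        return prior + sum(-0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
                           for xi, m, v in zip(x, mu, var))

    def predict(self, x):
        return int(self.log_posterior(x, 1) > self.log_posterior(x, 0))


def train_committee(X, y):
    return [LogisticRegression().fit(X, y), LinearSVM().fit(X, y), GaussianNB().fit(X, y)]


def committee_predict(models, x):
    return int(sum(m.predict(x) for m in models) >= 2)      # majority vote of three


def query_score(models, x):
    """Query-by-committee: prefer flows the members disagree on; break ties
    with how close the logistic-regression probability is to 0.5."""
    votes = [m.predict(x) for m in models]
    disagreement = min(votes.count(0), votes.count(1))      # 0 unanimous, 1 split
    uncertainty = 1.0 - 2.0 * abs(models[0].predict_proba(x) - 0.5)
    return disagreement + uncertainty


def run_active_learning(budget=15, seed=0):
    """Seed with two labelled flows per class, then spend `budget` oracle
    queries on the most informative unlabelled flows. Returns the indices that
    were queried and the committee's accuracy on a held-out test split."""
    X, y = make_flows(60, seed)
    idx = list(range(len(X)))
    random.Random(seed).shuffle(idx)
    test_idx, pool = idx[:40], idx[40:]
    labelled = [i for c in (0, 1) for i in [j for j in pool if y[j] == c][:2]]
    pool = [i for i in pool if i not in labelled]
    queried = []
    for _ in range(budget):
        models = train_committee([X[i] for i in labelled], [y[i] for i in labelled])
        best = max(pool, key=lambda i: query_score(models, X[i]))
        pool.remove(best)
        labelled.append(best)        # the oracle reveals y[best]; model is refit next round
        queried.append(best)
    models = train_committee([X[i] for i in labelled], [y[i] for i in labelled])
    correct = sum(committee_predict(models, X[i]) == y[i] for i in test_idx)
    return {"queried": queried, "labelled": len(labelled), "accuracy": correct / len(test_idx)}


if __name__ == "__main__":
    print(run_active_learning())
```

The point to take from the loop is that only `budget` plus four flows ever need a human label; everything else in the pool is classified by the committee, which is what makes the approach attractive when labelled botnet traffic is scarce. In a real deployment the oracle would be an analyst or a sandbox verdict rather than a lookup into `y`, and the query scores would be computed over the five feature sets the thesis extracts rather than the four constructed features used here.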
Keywords:
#Semi-supervised active learning #Malware #Botnet #Network traffic classification #Ensemble classification #Information security
Keeping place: Central Library of Shahrood University