Towards Fingerprinting Malicious Traffic
Author(s) - Amine Boukhtouta, Nour-Eddine Lakhdari, Serguei A. Mokhov, Mourad Debbabi
Publication year - 2013
Publication title - Procedia Computer Science
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.334
H-Index - 76
ISSN - 1877-0509
DOI - 10.1016/j.procs.2013.06.073
Subject(s) - c4.5 algorithm , computer science , malware , network packet , naive bayes classifier , boosting (machine learning) , data mining , support vector machine , random forest , machine learning , artificial intelligence , computer security
The primary intent of this paper is to detect malicious traffic at the network level. To this end, we apply several machine learning techniques to build classifiers that fingerprint maliciousness in IP traffic. Specifically, J48, Naïve Bayes, SVM and Boosting algorithms are used to classify malware communications generated by a dynamic malware analysis framework. The generated traffic log files are pre-processed to extract features that characterize malicious packets, and the data mining algorithms are applied to these features. A comparison of the results of the different algorithms shows that J48 and Boosted J48 performed better than the other algorithms: we obtained a detection rate of 99% of malicious traffic with a false positive rate below 1% for J48 and Boosted J48. Additional tests show that our model can also detect malicious traffic obtained from different sources.