Abstract
Applications and the malware affecting them are changing dramatically, so it is not certain whether the features currently in use can still classify normal traffic and malware traffic correctly. In this paper, we evaluated the features used in previous studies while taking secular changes into account, with the aim of classifying normal traffic into the normal category and anomalous traffic into the anomalous category correctly. A secular change in this study is a difference in a feature between the date the training data were captured and the date the test data were captured under the same circumstances. The evaluation is based on the Euclidean distance between the test data and either the normal codebook or the anomalous codebook, each made by vector quantization. We report on what causes these secular changes and which features with little or no secular change are effective for malware detection.
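The evaluation idea in the abstract, as an added sketch that is not code from the paper: it builds a normal and an anomalous codebook by vector quantization and classifies later-captured normal traffic by Euclidean distance, once with a drifting feature included and once with only the stable feature. Lloyd's algorithm, the nearest-codebook decision rule, the two unnamed features and every sample value are assumptions constructed for illustration.

```python
import math

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def train_codebook(vectors, k=2, iters=10):
    # Vector quantization via Lloyd's algorithm (assumed; the abstract names no
    # algorithm). Deterministic init: the first k vectors are the codewords.
    code = [tuple(v) for v in vectors[:k]]
    for _ in range(iters):
        cells = [[] for _ in code]
        for v in vectors:
            cells[min(range(k), key=lambda i: dist(v, code[i]))].append(v)
        code = [tuple(sum(c) / len(cell) for c in zip(*cell)) if cell else code[i]
                for i, cell in enumerate(cells)]
    return code

def classify(normal_cb, anomalous_cb, x):
    # Assumed decision rule: the codebook holding the nearest codeword wins.
    dn = min(dist(x, c) for c in normal_cb)
    da = min(dist(x, c) for c in anomalous_cb)
    return "normal" if dn <= da else "anomalous"

def project(vectors, idx):
    # Keep only the feature columns listed in idx.
    return [tuple(v[i] for i in idx) for v in vectors]

def secular_change(train, test, i):
    # Shift of feature i's mean between training and test capture dates.
    train_mean = sum(v[i] for v in train) / len(train)
    test_mean = sum(v[i] for v in test) / len(test)
    return abs(test_mean - train_mean)

# Constructed samples: (feature 0, feature 1), both scaled to [0, 1].
TRAIN_NORMAL = [(0.20, 0.10), (0.30, 0.15), (0.22, 0.11), (0.28, 0.14)]
TRAIN_ANOMALOUS = [(0.80, 0.45), (0.70, 0.40), (0.82, 0.44), (0.72, 0.42)]
# Normal traffic captured later: feature 0 has drifted, feature 1 has not.
LATER_NORMAL = [(0.75, 0.12), (0.78, 0.13)]

def evaluate(idx):
    # Train both codebooks on the chosen features, then label the later traffic.
    ncb = train_codebook(project(TRAIN_NORMAL, idx))
    acb = train_codebook(project(TRAIN_ANOMALOUS, idx))
    return [classify(ncb, acb, x) for x in project(LATER_NORMAL, idx)]

if __name__ == "__main__":
    for i in (0, 1):
        print("feature", i, "shift:", round(secular_change(TRAIN_NORMAL, LATER_NORMAL, i), 3))
    print("both features :", evaluate((0, 1)))
    print("stable feature:", evaluate((1,)))
```

With the drifting feature included, the later normal samples fall nearer the anomalous codebook and are mislabelled; restricting both codebooks to the feature with no shift restores the correct label.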
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kawamoto, K., Ichino, M., Hatada, M., Otsuki, Y., Yoshiura, H., Katto, J. (2013). Evaluation of Secular Changes in Statistical Features of Traffic for the Purpose of Malware Detection. In: Lee, R. (eds) Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing 2012. Studies in Computational Intelligence, vol 443. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32172-6_1
DOI: https://doi.org/10.1007/978-3-642-32172-6_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32171-9
Online ISBN: 978-3-642-32172-6
eBook Packages: Engineering, Engineering (R0)