Submit

Login Login

Register Register

Home/ Journals/ CMC/ Vol.60, No.2, 2019/ 10.32604/cmc.2019.05610

Table of Content

Open Access iconOpen Access

ARTICLE

MalDetect: A Structure of Encrypted Malware Traffic Detection

Jiyuan Liu1, Yingzhi Zeng2, Jiangyong Shi2, Yuexiang Yang2,∗, Rui Wang3, Liangzhong He4

Student of College of Computer, National University of Defense Technology, Hunan, China.
Faculty of College of Computer, National University of Defense Technology, Hunan, China.
CEO of AppBugs Inc, USA.
Faculty of China Mobile (Su Zhou) Software Technology Co., Ltd.

* Corresponding Author: Yuexiang Yang. Email: email.

Computers, Materials & Continua 2019, 60(2), 721-739. https://doi.org/10.32604/cmc.2019.05610

Abstract

Recently, TLS protocol has been widely used to secure the application data carried in network traffic. It becomes more difficult for attackers to decipher messages through capturing the traffic generated from communications of hosts. On the other hand, malwares adopt TLS protocol when accessing to internet, which makes most malware traffic detection methods, such as DPI (Deep Packet Inspection), ineffective. Some literatures use statistical method with extracting the observable data fields exposed in TLS connections to train machine learning classifiers so as to infer whether a traffic flow is malware or not. However, most of them adopt the features based on the complete flow, such as flow duration, but seldom consider that the detection result should be given out as soon as possible. In this paper, we propose MalDetect, a structure of encrypted malware traffic detection. MalDetect only extracts features from approximately 8 packets (the number varies in different flows) at the beginning of traffic flows, which makes it capable of detecting malware traffic before the malware behaviors take practical impacts. In addition, observing that it is inefficient and time-consuming to re-train the offline classifier when new flow samples arrive, we deploy Online Random Forest in MalDetect. This enables the classifier to update its parameters in online mode and gets rid of the re-training process. MalDetect is coded in C++ language and open in Github. Furthermore, MalDetect is thoroughly evaluated from three aspects: effectiveness, timeliness and performance.

Keywords

Cite This Article

APA Style
Liu, J., Zeng, Y., Shi, J., Yang, Y., Wang, R. et al. (2019). Maldetect: A structure of encrypted malware traffic detection. Computers, Materials & Continua, 60(2), 721-739. https://doi.org/10.32604/cmc.2019.05610
Vancouver Style
Liu J, Zeng Y, Shi J, Yang Y, Wang R, He L. Maldetect: A structure of encrypted malware traffic detection. Comput Mater Contin. 2019;60(2):721-739 https://doi.org/10.32604/cmc.2019.05610
IEEE Style
J. Liu, Y. Zeng, J. Shi, Y. Yang, R. Wang, and L. He, “MalDetect: A Structure of Encrypted Malware Traffic Detection,” Comput. Mater. Contin., vol. 60, no. 2, pp. 721-739, 2019. https://doi.org/10.32604/cmc.2019.05610
BibTex EndNote RIS

Citations

4
[click to view]



cc Copyright © 2019 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

  • 3866

    View

  • 2697

    Download

  • 0

    Like

Related articles

Copyright© 2024 Tech Science Press
© 1997-2024 TSP (Henderson, USA) unless otherwise stated

Share Link