Evaluation of Secular Changes in Statistical Features of Traffic for the Purpose of Malware Detection

  • Kenji Kawamoto
  • Masatsugu Ichino
  • Mitsuhiro Hatada
  • Yusuke Otsuki
  • Hiroshi Yoshiura
  • Jiro Katto
Conference paper

DOI: 10.1007/978-3-642-32172-6_1

Part of the Studies in Computational Intelligence book series (SCI, volume 443)
Cite this paper as:
Kawamoto K., Ichino M., Hatada M., Otsuki Y., Yoshiura H., Katto J. (2013) Evaluation of Secular Changes in Statistical Features of Traffic for the Purpose of Malware Detection. In: Lee R. (eds) Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing 2012. Studies in Computational Intelligence, vol 443. Springer, Berlin, Heidelberg

Abstract

Applications and the malware affecting them are changing dramatically. It is not certain whether the currently used features can correctly classify normal traffic and malware traffic. In this paper, we evaluated the features used in previous studies while taking secular changes into account, with the aim of correctly classifying normal traffic into the normal category and anomalous traffic into the anomalous category. A secular change in this study is a difference in a feature between the date the training data were captured and the date the test data were captured under the same circumstances. The evaluation is based on the Euclidean distance between the test data and the normal codebook or anomalous codebook made by vector quantization. We report on what causes these secular changes and which features with little or no secular change are effective for malware detection.


Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Kenji Kawamoto (1)
  • Masatsugu Ichino (2)
  • Mitsuhiro Hatada (3)
  • Yusuke Otsuki (2)
  • Hiroshi Yoshiura (2)
  • Jiro Katto (1)

  1. Graduate School of Fundamental Science and Engineering, Waseda University, Tokyo, Japan
  2. University of Electro-Communications, Tokyo, Japan
  3. NTT Communications Corporation, Tokyo, Japan
