Assessing Cyclostationary Malware Detection via Feature Selection and Classification
- URL: http://arxiv.org/abs/2308.15237v1
- Date: Tue, 29 Aug 2023 11:52:31 GMT
- Title: Assessing Cyclostationary Malware Detection via Feature Selection and Classification
- Authors: Mike Nkongolo
- Abstract summary: This research focuses on identifying cyclostationary malware behavior and its detection.
The main goal is to pinpoint the essential cyclostationary features used in NIDSs.
Analysis identifies the internet protocol as the most noticeable cyclostationary feature pattern used by malware.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Cyclostationarity involves periodic statistical variations in signals and
processes, commonly used in signal analysis and network security. In the
context of attacks, cyclostationarity helps detect malicious behaviors within
network traffic, such as traffic patterns in Distributed Denial of Service
(DDoS) attacks or hidden communication channels in malware. This approach
enhances security by identifying abnormal patterns and informing Network
Intrusion Detection Systems (NIDSs) to recognize potential attacks, enhancing
protection against both known and novel threats. This research focuses on
identifying cyclostationary malware behavior and its detection. The main goal
is to pinpoint essential cyclostationary features used in NIDSs. These features
are extracted using algorithms such as Boruta and Principal Component Analysis
(PCA), and then categorized to find the most significant cyclostationary
patterns. The aim of this article is to reveal periodically changing malware
behaviors through cyclostationarity. The study highlights the importance of
spotting cyclostationary malware in NIDSs by using established datasets like
KDD99, NSL-KDD, and the UGRansome dataset. The UGRansome dataset is designed
for anomaly detection research and includes both normal and abnormal network
threat categories of zero-day attacks. A comparison is made using the Random
Forest (RF) and Support Vector Machine (SVM) algorithms, while also evaluating
the effectiveness of Boruta and PCA. The findings show that PCA is more
promising than using Boruta alone for extracting cyclostationary network
feature patterns. Additionally, the analysis identifies the internet protocol
as the most noticeable cyclostationary feature pattern used by malware.
Notably, the UGRansome dataset outperforms the KDD99 and NSL-KDD, achieving 99%
accuracy in signature malware detection using the RF algorithm and 98% with the
SVM.
Related papers
- Ransomware Detection and Classification Using Random Forest: A Case Study with the UGRansome2024 Dataset [0.0]
We introduce UGRansome2024, an optimised dataset for ransomware detection in network traffic.
This dataset is derived from the UGRansome data using an intuitionistic feature engineering approach.
The study presents an analysis of ransomware detection using the UGRansome2024 dataset and the Random Forest algorithm.
Date: 2024-04-19T12:50:03Z
- Machine learning-based network intrusion detection for big and imbalanced data using oversampling, stacking feature embedding and feature extraction [6.374540518226326]
Intrusion Detection Systems (IDS) play a critical role in protecting interconnected networks by detecting malicious actors and activities.
This paper introduces a novel ML-based network intrusion detection model that uses Random Oversampling (RO) to address data imbalance and Stacking Feature Embedding (PCA) for dimension reduction.
Using the CIC-IDS 2017 dataset, DT, RF, and ET models reach 99.99% accuracy, while DT and RF models obtain 99.94% accuracy on the CIC-IDS 2018 dataset.
Date: 2024-01-22T05:49:41Z
- Electrical Grid Anomaly Detection via Tensor Decomposition [41.94295877935867]
Previous work has shown that dimensionality reduction-based approaches can be used for accurate identification of anomalies in SCADA systems.
In this work, we apply the tensor decomposition method Canonical Polyadic Alternating Poisson Regression with a probabilistic framework to identify anomalies in SCADA systems.
In our experiments, we model real-world SCADA system data collected from the electrical grid operated by Los Alamos National Laboratory.
Date: 2023-10-12T18:23:06Z
- Performance evaluation of Machine learning algorithms for Intrusion Detection System [0.40964539027092917]
This paper focuses on intrusion detection systems (IDSs) analysis using Machine Learning (ML) techniques.
We analyze the KDD CUP-'99' intrusion detection dataset used for training and validating ML models.
Date: 2023-10-01T06:35:37Z
- The Adversarial Implications of Variable-Time Inference [47.44631666803983]
We present an approach that exploits a novel side channel in which the adversary simply measures the execution time of the algorithm used to post-process the predictions of the ML model under attack.
We investigate leakage from the non-maximum suppression (NMS) algorithm, which plays a crucial role in the operation of object detectors.
We demonstrate attacks against the YOLOv3 detector, leveraging the timing leakage to successfully evade object detection using adversarial examples, and perform dataset inference.
Date: 2023-09-05T11:53:17Z
- Novelty Detection in Network Traffic: Using Survival Analysis for Feature Identification [1.933681537640272]
Intrusion Detection Systems are an important component of many organizations' cyber defense and resiliency strategies.
One downside of these systems is their reliance on known attack signatures for detection of malicious network events.
We introduce an unconventional approach to identifying network traffic features that influence novelty detection based on survival analysis techniques.
Date: 2023-01-16T01:40:29Z
- A Robust and Explainable Data-Driven Anomaly Detection Approach For Power Electronics [56.86150790999639]
We present two anomaly detection and classification approaches, namely the Matrix Profile algorithm and the anomaly transformer.
The Matrix Profile algorithm is shown to be well suited as a generalizable approach for detecting real-time anomalies in streaming time-series data.
A series of custom filters is created and added to the detector to tune its sensitivity, recall, and detection accuracy.
Date: 2022-09-23T06:09:35Z
- Multi-Expert Adversarial Attack Detection in Person Re-identification Using Context Inconsistency [47.719533482898306]
We propose a Multi-Expert Adversarial Attack Detection (MEAAD) approach to detect malicious attacks on person re-identification (ReID) systems.
As the first adversarial attack detection approach for ReID, MEAAD effectively detects various adversarial attacks and achieves high ROC-AUC (over 97.5%).
Date: 2021-08-23T01:59:09Z
- Experimental Review of Neural-based approaches for Network Intrusion Management [8.727349339883094]
We provide an experiment-based review of neural-based methods applied to intrusion detection issues.
We offer a complete view of the most prominent neural-based techniques relevant to intrusion detection, including deep-based approaches and weightless neural networks.
Our evaluation quantifies the value of neural networks, particularly when state-of-the-art datasets are used to train the models.
Date: 2020-09-18T18:32:24Z
- Real-Time Anomaly Detection in Edge Streams [49.26098240310257]
We propose MIDAS, which focuses on detecting microcluster anomalies, or suddenly arriving groups of suspiciously similar edges.
We further propose MIDAS-F, to solve the problem by which anomalies are incorporated into the algorithm's internal states.
Experiments show that MIDAS-F has significantly higher accuracy than MIDAS.
Date: 2020-09-17T17:59:27Z
- Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection [66.05992706105224]
In this paper, an effective anomaly detection framework is proposed utilizing the Bayesian Optimization technique.
The performance of the considered algorithms is evaluated using the ISCX 2012 dataset.
Experimental results show the effectiveness of the proposed framework in terms of accuracy rate, precision, low false-alarm rate, and recall.
Date: 2020-08-05T19:29:35Z
This list is automatically generated from the titles and abstracts of the papers in this site.