Ahead of the Curve: A Deeper Understanding of Network Threats Through Machine Learning

TENCON 2018 - 2018 IEEE Region 10 Conference Pub Date : 2018-10-01 DOI:10.1109/TENCON.2018.8650218

Joy Nathalie M. Avelino, Carmi Anne Loren Mora, J. P. Balaquit

{"title":"Ahead of the Curve: A Deeper Understanding of Network Threats Through Machine Learning","authors":"Joy Nathalie M. Avelino, Carmi Anne Loren Mora, J. P. Balaquit","doi":"10.1109/TENCON.2018.8650218","DOIUrl":null,"url":null,"abstract":"The role of big data and machine intelligence in the field of information security is gaining importance as malicious attackers use evasion techniques (polymorphism, encryption, obfuscation) to bypass signature-based detection. As most threats propagate through the network, it is important to have proactive techniques to discover an infection before it damages a computer.This paper will examine how header-based information as well as other characteristics in the HTTP network traffic can be used to train a machine learning model to capture malicious behavior.Network streams tagged as malicious are preprocessed and clustered. It has been found that features in the raw byte stream augmented with handcrafted features are useful in learning the characteristics of network threats.In specific clusters formed, it is possible to identify certain threats targeting a specific server, or if there are characteristics that can be observed in the injected code for exploit detection.Clustering malicious network traffic leads to a better understanding of protection against these types of threats, identification of connected malware campaigns, and insight on future trends.","PeriodicalId":132900,"journal":{"name":"TENCON 2018 - 2018 IEEE Region 10 Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"TENCON 2018 - 2018 IEEE Region 10 Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TENCON.2018.8650218","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

The role of big data and machine intelligence in the field of information security is gaining importance as malicious attackers use evasion techniques (polymorphism, encryption, obfuscation) to bypass signature-based detection. As most threats propagate through the network, it is important to have proactive techniques to discover an infection before it damages a computer.This paper will examine how header-based information as well as other characteristics in the HTTP network traffic can be used to train a machine learning model to capture malicious behavior.Network streams tagged as malicious are preprocessed and clustered. It has been found that features in the raw byte stream augmented with handcrafted features are useful in learning the characteristics of network threats.In specific clusters formed, it is possible to identify certain threats targeting a specific server, or if there are characteristics that can be observed in the injected code for exploit detection.Clustering malicious network traffic leads to a better understanding of protection against these types of threats, identification of connected malware campaigns, and insight on future trends.

查看原文本刊更多论文

领先:通过机器学习更深入地了解网络威胁

随着恶意攻击者使用规避技术(多态性、加密、混淆)绕过基于签名的检测，大数据和机器智能在信息安全领域的作用越来越重要。由于大多数威胁都是通过网络传播的，因此在感染破坏计算机之前，拥有主动发现感染的技术是很重要的。本文将研究如何使用基于报头的信息以及HTTP网络流量中的其他特征来训练机器学习模型以捕获恶意行为。标记为恶意的网络流被预处理和聚集。研究发现，将原始字节流中的特征与手工制作的特征相结合，有助于学习网络威胁的特征。在形成的特定集群中，可以识别针对特定服务器的某些威胁，或者可以在注入的代码中观察到用于漏洞检测的特征。对恶意网络流量进行集群化可以更好地理解针对这些类型威胁的保护、识别连接的恶意软件活动以及洞察未来趋势。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

TENCON 2018 - 2018 IEEE Region 10 Conference

自引率

0.00%

发文量