A malware traffic detection method based on Victim-Attacker interaction patterns

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-04-08 DOI:10.1016/j.cose.2025.104487

Yanze Qu , Hailong Ma , Chaofan Zheng , Yiming Jiang , Wenbo Wang

{"title":"A malware traffic detection method based on Victim-Attacker interaction patterns","authors":"Yanze Qu , Hailong Ma , Chaofan Zheng , Yiming Jiang , Wenbo Wang","doi":"10.1016/j.cose.2025.104487","DOIUrl":null,"url":null,"abstract":"<div><div>The widespread adoption of encryption protocols has provided benefits for personal privacy, while also offering cover for the command and control (C&C) communication of malware such as Trojans, presenting significant challenges to existing network monitoring systems. Existing methods exhibit limited capacity to discern threats across network flows, while neglecting the prevalent packet loss phenomenon in real-world network environments. This paper proposes a malware traffic detection method based on the interaction patterns between compromised hosts and C&C servers. With a novel detection unit called channel unit representing interaction patterns, compared to existing methods, our proposed method is capable of discerning threats across network flows and is more resilient to packet loss. Evaluation experiments show that our method has superior detection performance in both binary and multi-class classification scenarios, achieving accuracy rates of 99.84 % and 96.08 % respectively. In terms of packet loss tolerance, compared with existing methods, our method exhibits the minimal performance degradation under a 20 % packet loss rate, maintaining a multi-classification accuracy of 99.63 % and a binary classification accuracy of 95.72 %.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"155 ","pages":"Article 104487"},"PeriodicalIF":4.8000,"publicationDate":"2025-04-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825001750","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The widespread adoption of encryption protocols has provided benefits for personal privacy, while also offering cover for the command and control (C&C) communication of malware such as Trojans, presenting significant challenges to existing network monitoring systems. Existing methods exhibit limited capacity to discern threats across network flows, while neglecting the prevalent packet loss phenomenon in real-world network environments. This paper proposes a malware traffic detection method based on the interaction patterns between compromised hosts and C&C servers. With a novel detection unit called channel unit representing interaction patterns, compared to existing methods, our proposed method is capable of discerning threats across network flows and is more resilient to packet loss. Evaluation experiments show that our method has superior detection performance in both binary and multi-class classification scenarios, achieving accuracy rates of 99.84 % and 96.08 % respectively. In terms of packet loss tolerance, compared with existing methods, our method exhibits the minimal performance degradation under a 20 % packet loss rate, maintaining a multi-classification accuracy of 99.63 % and a binary classification accuracy of 95.72 %.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.