Detection of Different Windows PE Malware Using Machine Learning Methods

IF 0.4 Q4 ENGINEERING, MULTIDISCIPLINARY
Aynur Koçak, Esra Söğüt, Mustafa Alkan, O. A. Erdem
DOI: 10.2339/politeknik.1207704 (https://doi.org/10.2339/politeknik.1207704)
Journal: Journal of Polytechnic-Politeknik Dergisi
Publication date: 2023-04-02
Publication type: Journal Article
Citations: 0

Abstract

The types and application areas of cyber attacks are increasing and diversifying. Accordingly, the effects of attacks are constantly increasing or changing every moment. Among these attacks, malware attacks have also diversified and gained a wide place in the cyber world. Because of the different techniques and methods in use, there are problems in detecting and preventing malware attacks. These problems mean that the cyber security of systems cannot be fully ensured. For these reasons, different malware attacks are discussed in the study, and the effects of the attacks on Windows security are examined. A test-bed called AyEs has been prepared. Different attacks aimed at hijacking or corrupting the victim system, such as screenshots and VNC, have been carried out. The AyEs dataset was created by listening to the system network packets obtained during the attacks. The dataset was preprocessed and made suitable for analysis. Machine learning methods such as Naive Bayes, J48, BayesNet, IBk, AdaBoost and LogitBoost were used on the dataset to detect malware attacks. The J48 and IBk methods, which were found to provide high performance as a result of the analyses, were suggested in the study. In this way, detection systems suitable for possible attack situations against Windows systems can be implemented easily and effectively. In addition to attack detection, an active role will be assumed in determining the type of attack.
Source journal
Journal of Polytechnic-Politeknik Dergisi (ENGINEERING, MULTIDISCIPLINARY)
Self-citation rate: 33.30%
Articles published: 125