Garuda - Garba Rujukan Digital

Pre-filters in-transit malware packets detection in the network Ban Mohammed Khammas; Ismahani Ismail; M. N. Marsono
TELKOMNIKA (Telecommunication Computing Electronics and Control) Vol 17, No 4: August 2019
Publisher : Universitas Ahmad Dahlan

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.12928/telkomnika.v17i4.12065

Conventional malware detection systems cannot detect most of the new malware in the network without the availability of their signatures. In order to solve this problem, this paper proposes a technique to detect both metamorphic (mutated malware) and general (non-mutated) malware in the network using a combination of known malware sub-signature and machine learning classification. This network-based malware detection is achieved through a middle path for efficient processing of non-malware packets. The proposed technique has been tested and verified using multiple data sets (metamorphic malware, non-mutated malware, and UTM real traffic), this technique can detect most of malware packets in the network-based before they reached the host better than the previous works which detect malware in host-based. Experimental results showed that the proposed technique can speed up the transmission of more than 98% normal packets without sending them to the slow path, and more than 97% of malware packets are detected and dropped in the middle path. Furthermore, more than 75% of metamorphic malware packets in the test dataset could be detected. The proposed technique is 37 times faster than existing technique.

Online traffic classification for malicious flows using efficient machine learning techniques Ying Yenn Chan; Ismahani Bt Ismail; Ban Mohammed Khammas
TELKOMNIKA (Telecommunication Computing Electronics and Control) Vol 19, No 4: August 2021
Publisher : Universitas Ahmad Dahlan

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.12928/telkomnika.v19i4.20402

The rapid network technology growth causing various network problems, attacks are becoming more sophisticated than defenses. In this paper, we proposed traffic classification by using machine learning technique, and statistical flow features such as five tuples for the training dataset. A rule-based system, Snort is used to identify the severe harmfulness data packets and reduce the training set dimensionality to a manageable size. Comparison of performance between training dataset that consists of all priorities malicious flows with only has priority 1 malicious flows are done. Different machine learning (ML) algorithms performance in terms of accuracy and efficiency are analyzed. Results show that Naïve Bayes achieved accuracy up to 99.82% for all priorities while 99.92% for extracted priority 1 of malicious flows training dataset in 0.06 seconds and be chosen to classify traffic in real-time process. It is demonstrated that by taking just five tuples information as features and using Snort alert information to extract only important flows and reduce size of dataset is actually comprehensive enough to supply a classifier with high efficiency and accuracy which can sustain the safety of network.

Comparative analysis of various machine learning algorithms for ransomware detection Ban Mohammed Khammas
TELKOMNIKA (Telecommunication Computing Electronics and Control) Vol 20, No 1: February 2022
Publisher : Universitas Ahmad Dahlan

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.12928/telkomnika.v20i1.18812

Recently, the ransomware attack posed a serious threat that targets a wide range of organizations and individuals for financial gain. So, there is a real need to initiate more innovative methods that are capable of proactively detect and prevent this type of attack. Multiple approaches were innovated to detect attacks using different techniques. One of these techniques is machine learning techniques which provide reasonable results, in most attack detection systems. In the current article, different machine learning techniques are tested to analyze its ability in a detection ransomware attack. The top 1000 features extracted from raw byte with the use of gain ratio as a feature selection method. Three different classifiers (decision tree (J48), random forest, radial basis function (RBF) network) available in Waikato Environment for Knowledge Analysis (WEKA) based machine learning tool are evaluated to achieve significant detection accuracy of ransomware. The result shows that random forest gave the best detection accuracy almost around 98%.

Obfuscated computer virus detection using machine learning algorithm Tan Hui Xin; Ismahani Ismail; Ban Mohammed Khammas
Bulletin of Electrical Engineering and Informatics Vol 8, No 4: December 2019
Publisher : Institute of Advanced Engineering and Science

Nowadays, computer virus attacks are getting very advanced. New obfuscated computer virus created by computer virus writers will generate a new shape of computer virus automatically for every single iteration and download. This constantly evolving computer virus has caused significant threat to information security of computer users, organizations and even government. However, signature based detection technique which is used by the conventional anti-computer virus software in the market fails to identify it as signatures are unavailable. This research proposed an alternative approach to the traditional signature based detection method and investigated the use of machine learning technique for obfuscated computer virus detection. In this work, text strings are used and have been extracted from virus program codes as the features to generate a suitable classifier model that can correctly classify obfuscated virus files. Text string feature is used as it is informative and potentially only use small amount of memory space. Results show that unknown files can be correctly classified with 99.5% accuracy using SMO classifier model. Thus, it is believed that current computer virus defense can be strengthening through machine learning approach.

Obfuscated computer virus detection using machine learning algorithm Tan Hui Xin; Ismahani Ismail; Ban Mohammed Khammas
Bulletin of Electrical Engineering and Informatics Vol 8, No 4: December 2019
Publisher : Institute of Advanced Engineering and Science

Nowadays, computer virus attacks are getting very advanced. New obfuscated computer virus created by computer virus writers will generate a new shape of computer virus automatically for every single iteration and download. This constantly evolving computer virus has caused significant threat to information security of computer users, organizations and even government. However, signature based detection technique which is used by the conventional anti-computer virus software in the market fails to identify it as signatures are unavailable. This research proposed an alternative approach to the traditional signature based detection method and investigated the use of machine learning technique for obfuscated computer virus detection. In this work, text strings are used and have been extracted from virus program codes as the features to generate a suitable classifier model that can correctly classify obfuscated virus files. Text string feature is used as it is informative and potentially only use small amount of memory space. Results show that unknown files can be correctly classified with 99.5% accuracy using SMO classifier model. Thus, it is believed that current computer virus defense can be strengthening through machine learning approach.

Obfuscated computer virus detection using machine learning algorithm Tan Hui Xin; Ismahani Ismail; Ban Mohammed Khammas
Bulletin of Electrical Engineering and Informatics Vol 8, No 4: December 2019
Publisher : Institute of Advanced Engineering and Science

Nowadays, computer virus attacks are getting very advanced. New obfuscated computer virus created by computer virus writers will generate a new shape of computer virus automatically for every single iteration and download. This constantly evolving computer virus has caused significant threat to information security of computer users, organizations and even government. However, signature based detection technique which is used by the conventional anti-computer virus software in the market fails to identify it as signatures are unavailable. This research proposed an alternative approach to the traditional signature based detection method and investigated the use of machine learning technique for obfuscated computer virus detection. In this work, text strings are used and have been extracted from virus program codes as the features to generate a suitable classifier model that can correctly classify obfuscated virus files. Text string feature is used as it is informative and potentially only use small amount of memory space. Results show that unknown files can be correctly classified with 99.5% accuracy using SMO classifier model. Thus, it is believed that current computer virus defense can be strengthening through machine learning approach.

Title

Found 6 Documents
Search

Abstract

Abstract

Abstract

Abstract

Abstract

Abstract

Title Search

Found 6 Documents Search

Abstract

Abstract

Abstract

Abstract

Abstract

Abstract

Title

Found 6 Documents
Search