Network Behavioral Features for Detecting Remote Access Trojans in the Early Stage
Title | Network Behavioral Features for Detecting Remote Access Trojans in the Early Stage |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Yin, Khin Swe, Khine, May Aye |
Conference Name | Proceedings of the 2017 VI International Conference on Network, Communication and Computing |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-5366-3 |
Keywords | Accuracy, composability, cyber physical systems, False Data Detection, false negative rate, Human Behavior, machine learning, pubcrawl, Remote Access Trojans detection, resilience, Resiliency |
Abstract | Nowadays data is always stored in a computer in the hyper-connected world, and a company or an organization or a person can come across financial loss, reputation loss, business disruption and intellectual property loss because of data leakage or data disclosure. Remote Access Trojans are used to invade a victim's PC and collect information from it. There have been signatures for these that have already emerged and defined as malwares, but there is no available signature yet if a malware or a remote access Trojan is a zero-day threat. In this circumstance network behavioral analysis is more useful than signature-based anti-virus scanners in order to detect the different behavior of malware. When the traffic will be cut or stopped is important in capturing network traffic. In this paper, effective features for detecting RATs are proposed. These features are extracted from the first twenty packets. Our approach achieves 98% accuracy and 10% false negative rate by random forest algorithm. |
URL | https://dl.acm.org/citation.cfm?doid=3171592.3171597 |
DOI | 10.1145/3171592.3171597 |
Citation Key | yin_network_2017 |