Biblio
Nowadays data is always stored in a computer in the hyper-connected world and, a company or an organization or a person can come across financial loss, reputation loss, business disruption and intellectual property loss because of data leakage or data disclosure. Remote Access Trojans are used to invade a victim's PC and collect information from it. There have been signatures for these that have already emerged and defined as malwares, but there is no available signature yet if a malware or a remote access Trojan is a zero-day threat. In this circumstance network behavioral analysis is more useful than signature-based anti-virus scanners in order to detect the different behavior of malware. When the traffic will be cut or stoppedis important in capturing network traffic. In this paper, effective features for detecting RATs are proposed. These features are extracted from the first twenty packets. Our approach achieves 98% accuracy and 10% false negative rate by random forest algorithm.