
Research Article
Machine Learning and Network Traffic to Distinguish Between Malware and Benign Applications
@INPROCEEDINGS{10.1007/978-3-031-31469-8_7,
    author={Laith Abualigah and Sayel Abualigah and Mothanna Almahmoud and Agostino Forestiero and Gagan Sachdeva and Essam S. Hanandeh},
    title={Machine Learning and Network Traffic to Distinguish Between Malware and Benign Applications},
    proceedings={Pervasive Knowledge and Collective Intelligence on Web and Social Media. First EAI International Conference, PerSOM 2022, Messina, Italy, November 17-18, 2022, Proceedings},
    proceedings_a={PERSOM},
    year={2023},
    month={4},
    keywords={Machine Learning XGBOOST Malware Network Traffic Classification},
    doi={10.1007/978-3-031-31469-8_7}
}
- Laith Abualigah
- Sayel Abualigah
- Mothanna Almahmoud
- Agostino Forestiero
- Gagan Sachdeva
- Essam S. Hanandeh
Year: 2023
PERSOM
Springer
DOI: 10.1007/978-3-031-31469-8_7
Abstract
Virus detection software is widely used for servers, systems, and devices that seek to maintain security and reliability. Although these programs provide an excellent safety level, the traditional defense methods fail to detect new malware. The more advanced approach relies on predicting malicious behavior with dynamic analysis of the process executed. This paper presents a new method for detecting malware using machine learning algorithms applied to data obtained from the Cuckoo sandbox. The Cuckoo sandbox isolates the file being analyzed, providing detailed dynamic analysis reports. The machine learning algorithms were compared and the most important features were identified. The results were obtained using six popular classifiers, including SVM, Random Forest, and LightGBM, and the XGBOOST algorithm had the highest accuracy, at an average of 97%. However, the research on machine learning-based malware analysis is limited in terms of computational complexity and detection accuracy.