Binary classification of malware by analyzing its behavior in the network using machine learning

Authors

  • Jean Carlo Soto Facultad de Ingeniería, Universidad Tecnológica Centroamericana, UNITEC, Tegucigalpa, Honduras

DOI:

https://doi.org/10.5377/innovare.v12i1.15956

Keywords:

Cybersecurity, Deep learning, Machine learning, Malware, Network

Abstract

Introduction. Every day we are exposed to all kinds of cyber-threats when we browse the internet, compromising the confidentiality, integrity, and availability of our devices. Cyber-attacks have become more sophisticated and cyber attackers require less technical knowledge to execute such attacks. An automated and well-defined process to counter these attacks becomes urgent. The study aim was to solve this problem. Methods. A model was developed to analyze the information in Packet Capture (PCAP) files and classify network connections as either benign or malicious (malware generated). This software used two methods: traditional machine learning algorithms and neural networks. Our experiments were carried out using the Intrusion Detection Evaluation Dataset (CICIDS2017), which contains labeled samples of PCAP files. We experimented using both raw and standardized data. The classification results were evaluated using recall, precision, F1-score, and accuracy metrics. Results. These were satisfactory for both methods, obtaining more than 95% in the F1-score and recall metric, indicating a low number of false negatives. Conclusion. It was found that data standardization had a favorable impact on all metrics and should be used carefully. Overall, our experiments showed that malicious network traffic can be successfully detected using automated methods achieving above 95% of F1-score in the K-Nearest Neighbors algorithm (K-NN) classifier.

Downloads

Download data is not yet available.
Abstract
280
HTML 20
PDF 122

Downloads

Published

2023-04-15

How to Cite

Soto, J. C. (2023). Binary classification of malware by analyzing its behavior in the network using machine learning. Innovare: Revista De Ciencia Y tecnología, 12(1), 30–36. https://doi.org/10.5377/innovare.v12i1.15956

Issue

Section

Original article

Similar Articles

1 2 3 4 5 > >> 

You may also start an advanced similarity search for this article.