
Strategie di Miglioramento delle Prestazioni per rilevamento del traffico di malware con Modelli di Apprendimento Automatico

LETTERI, IVAN
2020-11-27T00:00:00+01:00

Abstract

Malware (malicious software) is a worldwide epidemic that has existed for over 40 years in various forms. The impact of malware is getting worse, and the trend of the 21st century is to use it to take control of an organized group of machines called a botnet. The methodology for malware detection proposed in this dissertation leverages Network Traffic Data Mining and Machine Learning algorithms with appropriate feature selection. We defined a complete process for the creation of an effective and efficient dynamic dataset, updated on a daily basis, to properly train Machine Learning (ML) models, in combination with an environment for accurate and proactive detection in a monitored network. For identifying complex patterns and traffic features, we adopted a Deep Learning malware classification approach following a strategy known as Statistical Flow Analysis, which defines the detection standards based on network analysis. The difficulty in detecting malware is that it evolves over time. In this dissertation, we investigate the effectiveness of using the anomalies detected in network traffic by security tools to train supervised machine learning models. In particular, in our framework we apply a dynamic system of investigation and a behavioral knowledge base strategy to distinguish malware without erroneously blocking legitimate traffic or increasing false alarms. We used a knowledge base of recent traffic data to predict future traffic patterns and aggregated newly synthesized data from traffic logs, and we tested different network topologies using the Software Defined Networking paradigm to virtualize statistical malware activities.
Strategie di Miglioramento delle Prestazioni per rilevamento del traffico di malware con Modelli di Apprendimento Automatico / Letteri, Ivan. - (2020 Nov 27).
Files in this item:
File: ICT_LETTERI Ivan_XXXII ciclo.pdf
Access: open access
Description: Thesis
Type: Doctoral thesis
Size: 18.17 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: http://hdl.handle.net/11697/163416