Strategie di Miglioramento delle Prestazioni per rilevamento del traffico di malware con Modelli di Apprendimento Automatico / Letteri, Ivan. - (2020 Nov 27).
Strategie di Miglioramento delle Prestazioni per rilevamento del traffico di malware con Modelli di Apprendimento Automatico
LETTERI, IVAN
2020-11-27
Abstract
Malware (malicious software) is a worldwide epidemic that has existed for more than 40 years in various forms. The impact of malware is getting worse, and the trend of the 21st century is to use it to take control of an organized group of machines called a botnet. The methodology for malware detection proposed in this dissertation leverages Network Traffic Data Mining and Machine Learning algorithms with appropriate feature selection. We defined a complete process for the creation of an effective and efficient dynamic dataset, updated on a daily basis, to properly train Machine Learning (ML) models, in combination with an environment for accurate and proactive detection in a monitored network. For identifying complex patterns and traffic features, we adopted a Deep Learning malware classification approach following a strategy known as Statistical Flow Analysis, which defines the detection standards based on network analysis. The difficulty in detecting malware is that it evolves over time. In this dissertation, we investigate the effectiveness of using the anomalies detected in the network traffic by security tools to train supervised machine learning models. In particular, in our framework we apply a dynamic system of investigation and a behavioral knowledge base strategy to distinguish malware without erroneously blocking legitimate traffic or increasing false alarms. We used a knowledge base of recent traffic data to predict future traffic patterns and aggregated new synthesized data from traffic logs, and we tested different network topologies using the Software Defined Networking paradigm to virtualize statistical malware activities.

| File | Size | Format | |
|---|---|---|---|
| ICT_LETTERI Ivan_XXXII ciclo.pdf (open access; Description: Thesis; Type: Doctoral thesis) | 18.17 MB | Adobe PDF | View/Open |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.