Abstract

Traditional malware detection methods based on static traffic characteristics and machine learning are hard to cope with the increasing number of APT malware variants. In order to alleviate this problem, this paper proposes a deep-learning-based malware classification approach that combines time sequence features and association rules features. This method uses the improved LSTM neural network structure named RESNET_LSTM and PARALLEL_LSTM to extract time sequence features of different protocol traffic. It also utilizes association analysis to generate quantitative rule features. Finally, we connect the time sequence feature vector and the quantization rule vector as input to deep learning models to detect malware traffic. We evaluated our proposed approach on a dataset consisting of malicious traffic generated by 57 types of malware and normal traffic. The experimental results demonstrate that the loss decline rate of PARALLEL_LSTM structure during the training phase is faster than that of the LSTM and RESNET_LSTM structures. When the RESNET_LSTM structure is used, the prediction accuracy is close to 100%, which is slightly higher than the other two structures. The accuracy of the detection methods proposed in this paper are all above 96%, while the accuracy of malware detection methods combined with static traffic characteristics and machine learning is about 85%.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.