Evaluation of secular changes in statistical features of traffic for the purpose of malware detection

Kenji Kawamoto; Masatsugu Ichino; Mitsuhiro Hatada; Yusuke Otsuki; Hiroshi Yoshiura; Jiro Katto

doi:10.1007/978-3-642-32172-6_1

Evaluation of secular changes in statistical features of traffic for the purpose of malware detection

Kenji Kawamoto^*, Masatsugu Ichino, Mitsuhiro Hatada, Yusuke Otsuki, Hiroshi Yoshiura, Jiro Katto

^*Corresponding author for this work

School of Fundamental Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Applications and malware affecting them are dramatically changing. It isn't certain whether the currently used features can classify normal traffic or malware traffic correctly. In this paper, we evaluated the features used in previous studies while taking into account secular changes to classify normal traffic into the normal category and anomalous traffic into the anomalous category correctly. A secular change in this study is a difference in a feature between the date the training data were caputred and the date the test data were captured in the same circumstance. The evaluation is based on the Euclidean distance between the normal codebook or anomalous codebook made by vector quantization and the test data. We report on what causes these secular changes and which features with little or no secular change are effective for malware detection.

Original language	English
Title of host publication	Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing 2012
Publisher	Springer Verlag
Pages	1-11
Number of pages	11
ISBN (Print)	9783642321719
DOIs	https://doi.org/10.1007/978-3-642-32172-6_1
Publication status	Published - 2013

Publication series

Name	Studies in Computational Intelligence
Volume	443
ISSN (Print)	1860-949X

ASJC Scopus subject areas

Artificial Intelligence

Access to Document

10.1007/978-3-642-32172-6_1

Cite this

Kawamoto, K., Ichino, M., Hatada, M., Otsuki, Y., Yoshiura, H., & Katto, J. (2013). Evaluation of secular changes in statistical features of traffic for the purpose of malware detection. In Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing 2012 (pp. 1-11). (Studies in Computational Intelligence; Vol. 443). Springer Verlag. https://doi.org/10.1007/978-3-642-32172-6_1

Evaluation of secular changes in statistical features of traffic for the purpose of malware detection. / Kawamoto, Kenji; Ichino, Masatsugu; Hatada, Mitsuhiro et al.
Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing 2012. Springer Verlag, 2013. p. 1-11 (Studies in Computational Intelligence; Vol. 443).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kawamoto, K, Ichino, M, Hatada, M, Otsuki, Y, Yoshiura, H & Katto, J 2013, Evaluation of secular changes in statistical features of traffic for the purpose of malware detection. in Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing 2012. Studies in Computational Intelligence, vol. 443, Springer Verlag, pp. 1-11. https://doi.org/10.1007/978-3-642-32172-6_1

Kawamoto K, Ichino M, Hatada M, Otsuki Y, Yoshiura H, Katto J. Evaluation of secular changes in statistical features of traffic for the purpose of malware detection. In Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing 2012. Springer Verlag. 2013. p. 1-11. (Studies in Computational Intelligence). doi: 10.1007/978-3-642-32172-6_1

@inproceedings{49765ce604804e6098cf9bbde1176802,

title = "Evaluation of secular changes in statistical features of traffic for the purpose of malware detection",

abstract = "Applications and malware affecting them are dramatically changing. It isn't certain whether the currently used features can classify normal traffic or malware traffic correctly. In this paper, we evaluated the features used in previous studies while taking into account secular changes to classify normal traffic into the normal category and anomalous traffic into the anomalous category correctly. A secular change in this study is a difference in a feature between the date the training data were caputred and the date the test data were captured in the same circumstance. The evaluation is based on the Euclidean distance between the normal codebook or anomalous codebook made by vector quantization and the test data. We report on what causes these secular changes and which features with little or no secular change are effective for malware detection.",

author = "Kenji Kawamoto and Masatsugu Ichino and Mitsuhiro Hatada and Yusuke Otsuki and Hiroshi Yoshiura and Jiro Katto",

year = "2013",

doi = "10.1007/978-3-642-32172-6_1",

language = "English",

isbn = "9783642321719",

series = "Studies in Computational Intelligence",

publisher = "Springer Verlag",

pages = "1--11",

booktitle = "Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing 2012",

}

TY - GEN

T1 - Evaluation of secular changes in statistical features of traffic for the purpose of malware detection

AU - Kawamoto, Kenji

AU - Ichino, Masatsugu

AU - Hatada, Mitsuhiro

AU - Otsuki, Yusuke

AU - Yoshiura, Hiroshi

AU - Katto, Jiro

PY - 2013

Y1 - 2013

N2 - Applications and malware affecting them are dramatically changing. It isn't certain whether the currently used features can classify normal traffic or malware traffic correctly. In this paper, we evaluated the features used in previous studies while taking into account secular changes to classify normal traffic into the normal category and anomalous traffic into the anomalous category correctly. A secular change in this study is a difference in a feature between the date the training data were caputred and the date the test data were captured in the same circumstance. The evaluation is based on the Euclidean distance between the normal codebook or anomalous codebook made by vector quantization and the test data. We report on what causes these secular changes and which features with little or no secular change are effective for malware detection.

AB - Applications and malware affecting them are dramatically changing. It isn't certain whether the currently used features can classify normal traffic or malware traffic correctly. In this paper, we evaluated the features used in previous studies while taking into account secular changes to classify normal traffic into the normal category and anomalous traffic into the anomalous category correctly. A secular change in this study is a difference in a feature between the date the training data were caputred and the date the test data were captured in the same circumstance. The evaluation is based on the Euclidean distance between the normal codebook or anomalous codebook made by vector quantization and the test data. We report on what causes these secular changes and which features with little or no secular change are effective for malware detection.

UR - http://www.scopus.com/inward/record.url?scp=84867658581&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84867658581&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-32172-6_1

DO - 10.1007/978-3-642-32172-6_1

M3 - Conference contribution

AN - SCOPUS:84867658581

SN - 9783642321719

T3 - Studies in Computational Intelligence

SP - 1

EP - 11

BT - Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing 2012

PB - Springer Verlag

ER -

Evaluation of secular changes in statistical features of traffic for the purpose of malware detection

Abstract

Publication series

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this