Applying machine learning techniques for detection of malicious code in network traffic

Yuval Elovici; Asaf Shabtai; Robert Moskovitch; Gil Tahn; Chanan Glezer

doi:10.1007/978-3-540-74565-5_5

Applying machine learning techniques for detection of malicious code in network traffic

Yuval Elovici, Asaf Shabtai, Robert Moskovitch, Gil Tahn, Chanan Glezer

نتاج البحث: فصل من :كتاب / تقرير / مؤتمر › منشور من مؤتمر › مراجعة النظراء

64 اقتباسات (Scopus)

ملخص

The Early Detection, Alert and Response (eDare) system is aimed at purifying Web traffic propagating via the premises of Network Service Providers (NSP) from malicious code. To achieve this goal, the system employs powerful network traffic scanners capable of cleaning traffic from known malicious code. The remaining traffic is monitored and Machine Learning (ML) algorithms are invoked in an attempt to pinpoint unknown malicious code exhibiting suspicious morphological patterns. Decision trees, Neural Networks and Bayesian Networks are used for static code analysis in order to determine whether a suspicious executable file actually inhabits malicious code. These algorithms are being evaluated and preliminary results are encouraging.

اللغة الأصلية	الإنجليزيّة
عنوان منشور المضيف	KI 2007
العنوان الفرعي لمنشور المضيف	Advances in Artificial Intelligence - 30th Annual German Conference on AI, KI 2007, Proceedings
الصفحات	44-50
عدد الصفحات	7
المعرِّفات الرقمية للأشياء	https://doi.org/10.1007/978-3-540-74565-5_5
حالة النشر	نُشِر - 2007
منشور خارجيًا	نعم
الحدث	30th Annual German Conference on Artificial Intelligence, KI 2007 - Osnabruck, ألمانيا المدة: ١٠ سبتمبر ٢٠٠٧ → ١٣ سبتمبر ٢٠٠٧

سلسلة المنشورات

الاسم	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
مستوى الصوت	4667 LNAI
رقم المعيار الدولي للدوريات (المطبوع)	0302-9743
رقم المعيار الدولي للدوريات (الإلكتروني)	1611-3349

!!Conference

!!Conference	30th Annual German Conference on Artificial Intelligence, KI 2007
الدولة/الإقليم	ألمانيا
المدينة	Osnabruck
المدة	١٠/٠٩/٠٧ → ١٣/٠٩/٠٧

الوصول إلى المستند

10.1007/978-3-540-74565-5_5

الملفات والروابط الأخرى

Link to publication in Scopus

قم بذكر هذا

Elovici, Y., Shabtai, A., Moskovitch, R., Tahn, G., & Glezer, C. (2007). Applying machine learning techniques for detection of malicious code in network traffic. في KI 2007: Advances in Artificial Intelligence - 30th Annual German Conference on AI, KI 2007, Proceedings (الصفحات 44-50). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); المجلد 4667 LNAI). https://doi.org/10.1007/978-3-540-74565-5_5

Elovici, Yuval ; Shabtai, Asaf ; Moskovitch, Robert وآخرون. / Applying machine learning techniques for detection of malicious code in network traffic. KI 2007: Advances in Artificial Intelligence - 30th Annual German Conference on AI, KI 2007, Proceedings. 2007. الصفحات 44-50 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{98e54746578145e6930c33b34cd8b202,

title = "Applying machine learning techniques for detection of malicious code in network traffic",

abstract = "The Early Detection, Alert and Response (eDare) system is aimed at purifying Web traffic propagating via the premises of Network Service Providers (NSP) from malicious code. To achieve this goal, the system employs powerful network traffic scanners capable of cleaning traffic from known malicious code. The remaining traffic is monitored and Machine Learning (ML) algorithms are invoked in an attempt to pinpoint unknown malicious code exhibiting suspicious morphological patterns. Decision trees, Neural Networks and Bayesian Networks are used for static code analysis in order to determine whether a suspicious executable file actually inhabits malicious code. These algorithms are being evaluated and preliminary results are encouraging.",

keywords = "Feature selection, Machine learning, Malicious code, Network Service Provider (NSP)",

author = "Yuval Elovici and Asaf Shabtai and Robert Moskovitch and Gil Tahn and Chanan Glezer",

year = "2007",

doi = "10.1007/978-3-540-74565-5_5",

language = "אנגלית",

isbn = "9783540745648",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "44--50",

booktitle = "KI 2007",

note = "30th Annual German Conference on Artificial Intelligence, KI 2007 ; Conference date: 10-09-2007 Through 13-09-2007",

}

Elovici, Y, Shabtai, A, Moskovitch, R, Tahn, G & Glezer, C 2007, Applying machine learning techniques for detection of malicious code in network traffic. في KI 2007: Advances in Artificial Intelligence - 30th Annual German Conference on AI, KI 2007, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), المجلد 4667 LNAI, الصفحات 44-50, 30th Annual German Conference on Artificial Intelligence, KI 2007, Osnabruck, ألمانيا, ١٠/٠٩/٠٧. https://doi.org/10.1007/978-3-540-74565-5_5

Applying machine learning techniques for detection of malicious code in network traffic. / Elovici, Yuval; Shabtai, Asaf; Moskovitch, Robert وآخرون.
KI 2007: Advances in Artificial Intelligence - 30th Annual German Conference on AI, KI 2007, Proceedings. 2007. صفحة 44-50 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); المجلد 4667 LNAI).

نتاج البحث: فصل من :كتاب / تقرير / مؤتمر › منشور من مؤتمر › مراجعة النظراء

TY - GEN

T1 - Applying machine learning techniques for detection of malicious code in network traffic

AU - Elovici, Yuval

AU - Shabtai, Asaf

AU - Moskovitch, Robert

AU - Tahn, Gil

AU - Glezer, Chanan

PY - 2007

Y1 - 2007

N2 - The Early Detection, Alert and Response (eDare) system is aimed at purifying Web traffic propagating via the premises of Network Service Providers (NSP) from malicious code. To achieve this goal, the system employs powerful network traffic scanners capable of cleaning traffic from known malicious code. The remaining traffic is monitored and Machine Learning (ML) algorithms are invoked in an attempt to pinpoint unknown malicious code exhibiting suspicious morphological patterns. Decision trees, Neural Networks and Bayesian Networks are used for static code analysis in order to determine whether a suspicious executable file actually inhabits malicious code. These algorithms are being evaluated and preliminary results are encouraging.

AB - The Early Detection, Alert and Response (eDare) system is aimed at purifying Web traffic propagating via the premises of Network Service Providers (NSP) from malicious code. To achieve this goal, the system employs powerful network traffic scanners capable of cleaning traffic from known malicious code. The remaining traffic is monitored and Machine Learning (ML) algorithms are invoked in an attempt to pinpoint unknown malicious code exhibiting suspicious morphological patterns. Decision trees, Neural Networks and Bayesian Networks are used for static code analysis in order to determine whether a suspicious executable file actually inhabits malicious code. These algorithms are being evaluated and preliminary results are encouraging.

KW - Feature selection

KW - Machine learning

KW - Malicious code

KW - Network Service Provider (NSP)

UR - http://www.scopus.com/inward/record.url?scp=38349051945&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-74565-5_5

DO - 10.1007/978-3-540-74565-5_5

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:38349051945

SN - 9783540745648

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 44

EP - 50

BT - KI 2007

T2 - 30th Annual German Conference on Artificial Intelligence, KI 2007

Y2 - 10 September 2007 through 13 September 2007

ER -

Elovici Y, Shabtai A, Moskovitch R, Tahn G, Glezer C. Applying machine learning techniques for detection of malicious code in network traffic. في KI 2007: Advances in Artificial Intelligence - 30th Annual German Conference on AI, KI 2007, Proceedings. 2007. صفحة 44-50. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-74565-5_5

Applying machine learning techniques for detection of malicious code in network traffic

ملخص

سلسلة المنشورات

!!Conference

الوصول إلى المستند

الملفات والروابط الأخرى

بصمة

قم بذكر هذا