TY - GEN
T1 - Applying machine learning techniques for detection of malicious code in network traffic
AU - Elovici, Yuval
AU - Shabtai, Asaf
AU - Moskovitch, Robert
AU - Tahn, Gil
AU - Glezer, Chanan
PY - 2007
Y1 - 2007
AB - The Early Detection, Alert and Response (eDare) system is aimed at purifying Web traffic propagating via the premises of Network Service Providers (NSP) from malicious code. To achieve this goal, the system employs powerful network traffic scanners capable of cleaning traffic from known malicious code. The remaining traffic is monitored and Machine Learning (ML) algorithms are invoked in an attempt to pinpoint unknown malicious code exhibiting suspicious morphological patterns. Decision trees, Neural Networks and Bayesian Networks are used for static code analysis in order to determine whether a suspicious executable file actually inhabits malicious code. These algorithms are being evaluated and preliminary results are encouraging.
KW - Feature selection
KW - Machine learning
KW - Malicious code
KW - Network Service Provider (NSP)
UR - http://www.scopus.com/inward/record.url?scp=38349051945&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-74565-5_5
DO - 10.1007/978-3-540-74565-5_5
M3 - Conference contribution
AN - SCOPUS:38349051945
SN - 9783540745648
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 44
EP - 50
BT - KI 2007
T2 - 30th Annual German Conference on Artificial Intelligence, KI 2007
Y2 - 10 September 2007 through 13 September 2007
ER -