Applying machine learning techniques for detection of malicious code in network traffic

Yuval Elovici, Asaf Shabtai, Robert Moskovitch, Gil Tahn, Chanan Glezer

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

63 Scopus citations

Abstract

The Early Detection, Alert and Response (eDare) system is aimed at purifying Web traffic propagating via the premises of Network Service Providers (NSP) from malicious code. To achieve this goal, the system employs powerful network traffic scanners capable of cleaning traffic from known malicious code. The remaining traffic is monitored and Machine Learning (ML) algorithms are invoked in an attempt to pinpoint unknown malicious code exhibiting suspicious morphological patterns. Decision trees, Neural Networks and Bayesian Networks are used for static code analysis in order to determine whether a suspicious executable file actually inhabits malicious code. These algorithms are being evaluated and preliminary results are encouraging.

Original languageEnglish
Title of host publicationKI 2007
Subtitle of host publicationAdvances in Artificial Intelligence - 30th Annual German Conference on AI, KI 2007, Proceedings
Pages44-50
Number of pages7
DOIs
StatePublished - 2007
Externally publishedYes
Event30th Annual German Conference on Artificial Intelligence, KI 2007 - Osnabruck, Germany
Duration: 10 Sep 200713 Sep 2007

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4667 LNAI
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference30th Annual German Conference on Artificial Intelligence, KI 2007
Country/TerritoryGermany
CityOsnabruck
Period10/09/0713/09/07

Keywords

  • Feature selection
  • Machine learning
  • Malicious code
  • Network Service Provider (NSP)

Fingerprint

Dive into the research topics of 'Applying machine learning techniques for detection of malicious code in network traffic'. Together they form a unique fingerprint.

Cite this