Analysis of Malware Impact on Network Traffic using Behavior-based Detection Technique

Malware is a software or computer program that is used to carry out malicious activity. Malware is made with the aim of harming user’s device because it can change user’s data, use up bandwidth and other resources without user's permission. Some research has been done before to identify the type of malware and its effects. But previous research only focused on grouping the types of malware that attack via network traffic. This research analyzes the impact of malware on network traffic using behavior-based detection techniques. This technique analyzes malware by running malware samples into an environment and monitoring the activities caused by malware samples. To obtain accurate results, the analysis is carried out by retrieving API call network information and network traffic activities. From the analysis of the malware API call network, information is generated about the order of the API call network used by malware. Using the network traffic, obtained malware activities by analyzing the behavior of network traffic malware, payload, and throughput of infected traffic. Furthermore, the results of the API call network sequence used by malware and the results of network traffic analysis, are analyzed so that the impact of malware on network traffic can be determined

An innovative custom cyber security solution for protecting enterprises and corporates’ assets

Anti-virus software has been the main defense against malicious application and will remain so in the future. However the strength of an anti-virus product will depend on having an updated virus signature and the heuristic engine to detect future and unknown virus. The time gap between an exploit appearing on the internet and the user receiving an update for their anti-virus signature database on their machine is very crucial. Having a diverse multi-Engine anti-virus scanner in the infrastructure with the capability for custom signature definition as part of a defence in-depth strategy will help to close that gap. This paper presents a technique of deploying more than one anti-virus solution at different layers and using custom anti-virus signature which is deployed in a custom proxy solution as part of a defence in-depth strategy

Reviewer Integration and Performance Measurement for Malware Detection

We present and evaluate a large-scale malware detection system integrating machine learning with expert reviewers, treating reviewers as a limited labeling resource. We demonstrate that even in small numbers, reviewers can vastly improve the system's ability to keep pace with evolving threats. We conduct our evaluation on a sample of VirusTotal submissions spanning 2.5 years and containing 1.1 million binaries with 778GB of raw feature data. Without reviewer assistance, we achieve 72% detection at a 0.5% false positive rate, performing comparable to the best vendors on VirusTotal. Given a budget of 80 accurate reviews daily, we improve detection to 89% and are able to detect 42% of malicious binaries undetected upon initial submission to VirusTotal. Additionally, we identify a previously unnoticed temporal inconsistency in the labeling of training datasets. We compare the impact of training labels obtained at the same time training data is first seen with training labels obtained months later. We find that using training labels obtained well after samples appear, and thus unavailable in practice for current training data, inflates measured detection by almost 20 percentage points. We release our cluster-based implementation, as well as a list of all hashes in our evaluation and 3% of our entire dataset.Comment: 20 papers, 11 figures, accepted at the 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2016