Threshold verification using statistical approach for fast attack detection

Network has grows to a mammoth size and becoming more complex, thus exposing the services it offers towards multiple types of intrusion vulnerabilities.One method to overcome intrusion is by introducing Intrusion Detection System (IDS) for detecting the threat before it can damage the network resources.IDS have the ability to analyze network traffic and recognize incoming and on-going network attack.In detecting intrusion attack, Information gathering on such activity can be classified into fast attack and slow attack.Yet, majority of the current intrusion detection systems do not have the ability to differentiate between these two types of attacks. Early detection of fast attack is very useful in a real time environment; in which it can help the targeted network from further intrusion that could let the intruder to gain access to the vulnerable machine.To address this challenge, this paper introduces a fast attack detection framework that set a threshold value to differentiate between the normal network traffic and abnormal network traffic on the victim perspective. The threshold value is abstract with the help of suitable set of feature used to detect the anomaly in the network. By introducing the threshold value, anomaly based detection can build a complete profile to detect any intrusion threat as well as at the same time reducing it false alarm alert

Mobile Malware Behaviour through Opcode Analysis

As the popularity of mobile devices are on the rise, millions of users are now exposed to mobile malware threats. Malware is known for its ability in causing damage to mobile devices. Attackers often use it as a way to use the resources available and for other cybercriminal benefits such stealing users’ data, credentials and credit card number. Various detection techniques have been introduced in mitigating mobile malware, yet the malware author has its own method to overcome the detection method. This paper presents mobile malware analysis approaches through opcode analysis. Opcode analysis on mobile malware reveals the behaviour of malicious application in the binary level. The comparison made between the numbers of opcode occurrence from a malicious application and benign shows a significance traits. These differences can be used in classifying the malicious and benign mobile application

An Overview Diversity Framework for Internet of Things (IoT) Forensic Investigation

The increasing utilization of IoT technology in various fields creates opportunities and risks for investigating all cybercrimes. At the same time, many research studies have concentrated on security and forensic investigations to collect digital evidence on IoT devices. However, until now, the IoT platform has not fully evolved to adjust the tools, methods, and procedures of IoT forensic investigations. The main reasons for investigators are the characteristics and infrastructure of IoT devices. For example, device number variations, heterogeneity, distribution of protocols used, data duplication, complexity, limited memory, etc. As a result, resulting is a tough challenge to identify, collect, examine, analyze, and present potential IoT digital evidence for forensic investigative processes effectively and efficiently. Indeed, there is not fully used and adapted international standard for the perfect IoT forensic investigation framework. In the research method, a literature review has been carried out by producing previous research studies that have contributed to further facing challenges. To keep the quality of the literature review, research questions (RQ) were conducted for all studies related to the IoT forensic investigation framework between 2015-2022. This research results highlight and provides a comprehensive overview of the twenty current IoT forensic investigation framework that has been proposed. Then, a summary or contribution is presented focusing on the latest research, grouping the forensic phases, and evaluating essential frameworks in the IoT forensic investigation process to obtain digital evidence. Finally, open research issues are presented for further research in developing IoT forensic investigative framework

Machine Learning for HTTP Botnet Detection Using Classifier Algorithms

Recently, HTTP based Botnet threat has become a serious problem for computer security experts as bots can infect victim’s computer quick and stealthily. By using HTTP protocol, Bots are able to hide their communication flow within normal HTTP communications. In addition, since HTTP protocol is widely used by internet application, it is not easy to block this service as a precautionary approach. Thus, it is needed for expert finding ways to detect the HTTP Botnet in network traffic effectively. In this paper, we propose to implement machine learning classifiers, to detect HTTP Botnets. Network traffic dataset used in this research is extracted based on TCP packet feature. We also able to find the best machine learning classifier in our experiment. The proposed method is able to classify HTTP Botnet in network traffic using the best classifier in the experiment with an average accuracy of 92.93%

Coordinated Malware Eradication And Remediation Project (CMERP)

The rate of malware spreading via the internet keep increasing and lead to a serious threat particularly to the host nowadays. A number of researchers keep on proposing various alternative framework consisting detection methods day by days in combating activities such as single classification and rule based approach. However, such detection method still lack in differentiate the malwares behaviours and cause the rate of falsely identified rate i.e. false positive and false negative increased. Therefore, integrated machine learning techniques comprises J48 and JRip are proposed as a solution in distinguish malware behaviour more accurately. This integrated classifier algorithm applied to analyse, classify and generate rules of the pattern and program behaviour of system call information in which the legal and illegal behaviours could identified. The result showed that the integrated classifier between J48 and JRip significantly improved the detection rate as compare to the single classifier