
    Intersection Features For Android Botnet Classification

    The evolution of the Internet of Things (IoT) has had a significant impact on human life and has created opportunities for mobile device usage. Many IoT devices will supposedly be controlled through a mobile device, giving application (app) developers great opportunities to develop new applications. However, hackers are continuously developing malicious applications, especially Android botnets, to steal private information, cause financial losses and breach user privacy. This paper proposes an enhancement approach for Android botnet classification based on feature selection and classification algorithms. The proposed approach uses the permissions requested by an Android app and its API function calls as features to differentiate Android botnet apps from benign apps. Chi-square was used to select the most significant permissions, then classification algorithms such as Naïve Bayes and Decision Tree were used to classify the Android apps as botnet or benign. The results showed that Decision Tree with chi-square feature selection achieved the highest detection accuracy of 98.6%, which was higher than the other classifiers.

    Simulation Of Token Bucket Algorithm For Network Traffic Performance

    The Internet is the most important medium for users in the cyber world. The development of Internet technologies allows users to multi-task; nonetheless, it causes collisions. Traffic collision is one of the problems that occur in wired networks. In order to provide a high-performance network, quality of service (QoS) is required. Traffic shaping is one of the tools that can provide QoS in network traffic. However, implementing the basic mechanism of traffic shaping cannot solve this issue. In this research, the optimal bucket size in the Token Bucket Algorithm (TBA) is used as one of the techniques in traffic shaping. The variables of this algorithm are modified in order to propose an effective token bucket size that can be used in a wired network, and the result is tested using the OPNET modeler. This algorithm successfully reduced the delay in the network traffic and improved the response time when users request several applications concurrently.

    Analysis of Data Mining Tools for Android Malware Detection

    There are various data mining tools available to analyze data related to Android malware detection. However, the problem arises in deciding the most appropriate machine learning technique or algorithm, on a particular tool, to apply to particular data. This research focuses only on classification techniques. Hence, the objective of this research is to identify the best machine learning technique or algorithm on a selected tool for Android malware detection. Five techniques: Random Forest, Naive Bayes, Support Vector Machine, Forest, K-Nearest Neighbour and Adaboost are selected and applied in the selected tools, namely Weka and Orange. The result shows that the Adaboost technique in the Weka tool and the Random Forest technique in the Orange tool obtained accuracy above 80%, compared to the other techniques. This result provides researchers with an option when applying a technique or algorithm on a selected tool to analyze Android malware data.

    Structure optimization of neural network for dynamic system modeling using multi-objective genetic algorithm

    The problem of constructing an adequate and parsimonious neural network topology for modeling non-linear dynamic systems is studied and investigated. Neural networks have been shown to perform function approximation and to represent dynamic systems. The network structures are usually guessed or selected in accordance with the designer's prior knowledge. However, the multiplicity of the model parameters makes it troublesome to obtain an optimum structure. In this paper, an alternative algorithm based on a multi-objective optimization algorithm is proposed. The developed neural network model should fulfil two criteria or objectives, namely good predictive accuracy and a minimum model structure. The result shows that the proposed algorithm is able to identify simulated examples correctly, and identifies the adequate model for real process data based on a set of solutions called the Pareto optimal set, from which the best network can be selected.

    Generate optimal number of features in mobile malware classification using Venn diagram intersection

    Smartphones are growing more susceptible as technology develops, because they contain sensitive data that poses a severe security risk if it falls into the wrong hands. The Android OS includes permissions as a crucial component for safeguarding user privacy and confidentiality. On the other hand, permission misuse by mobile malware remains a problem. Although permission-based detection is frequently utilized, the significant false alarm rates brought on by the permission-based issue are thought to make it inadequate. The present detection method has a high incidence of false alarms, which reduces its ability to identify permission-based attacks. By using permission features together with intents, this research attempted to improve permission-based detection. However, this creates an excessive number of features and increases the likelihood of false alarms. In order to generate the optimal number of features and boost the quality of the features chosen, this research developed an intersection feature approach. Performance was assessed using metrics including accuracy, TPR, TNR, and FPR. The most important characteristics were chosen using Correlation Feature Selection, and the malicious programs were classified using SVM and naive Bayes. According to the findings, the Intersection Feature Technique reduces the characteristics from 486 to 17, has a 97 percent accuracy rate, and produces 0.1 percent false alarms.

    Threshold verification using statistical approach for fast attack detection

    Networks have grown to a mammoth size and are becoming more complex, thus exposing the services they offer to multiple types of intrusion vulnerabilities. One method to overcome intrusion is to introduce an Intrusion Detection System (IDS) to detect the threat before it can damage the network resources. An IDS has the ability to analyze network traffic and recognize incoming and on-going network attacks. In detecting intrusion attacks, information gathering on such activity can be classified into fast attacks and slow attacks. Yet, the majority of current intrusion detection systems do not have the ability to differentiate between these two types of attack. Early detection of a fast attack is very useful in a real-time environment, in which it can help protect the targeted network from further intrusion that could let the intruder gain access to the vulnerable machine. To address this challenge, this paper introduces a fast attack detection framework that sets a threshold value to differentiate between normal network traffic and abnormal network traffic from the victim's perspective. The threshold value is abstracted with the help of a suitable set of features used to detect anomalies in the network. By introducing the threshold value, anomaly-based detection can build a complete profile to detect any intrusion threat while at the same time reducing its false alarm alerts.

    Enhanced intrusion detection capabilities via weighted chi-square, discretization and SVM

    Anomaly Intrusion Detection Systems (ADSs) identify patterns of network data behaviour to determine whether they are normal or represent an attack, using a learned detection model. Much research has been conducted on enhancing ADSs, particularly in the area of data mining that focuses on intrusive behaviour detection. Unfortunately, current detection models such as the support vector machine (SVM) are affected by high-dimensional data, which limits their ability to accurately classify data. Moreover, data points which appear similar between intrusive and regular behaviours could be problematic, as some novel attack behaviours may not be detected. To overcome this SVM drawback, we propose a combination of weighted chi-square (WCS) as a feature selection (FS) method and a discretization process (D). The WCS method is used first to reduce the dimensionality of the data, after which the assembled records are transformed into interval values via the D process before the SVM is used to identify groups of samples that behave similarly and dissimilarly, such as malicious and non-malicious activities. Experiments were performed with the well-known NSL-KDD data sets, and the results show that the proposed method, namely WCS-D-SVM (weighted chi-square, discretization and support vector machine), significantly improved and enhanced accuracy and detection rates while decreasing the false positives which the single SVM classifier produces.

    Formulation Of Association Rule Mining (ARM) For An Effective Cyber Attack Attribution In Cyber Threat Intelligence (CTI)

    In recent years, adversaries have improved their Tactics, Techniques and Procedures (TTPs) in launching cyberattacks, making them less predictable, more persistent, more resourceful and better funded. Many organisations have therefore opted to use Cyber Threat Intelligence (CTI) in their security posture to attribute cyberattacks effectively. However, to fully leverage the massive amount of data in CTI for threat attribution, an organisation needs to focus more on discovering the hidden knowledge behind the voluminous data in order to produce an effective cyberattack attribution. Hence this paper focuses on research into association analysis in the CTI process for cyberattack attribution. The aim of this paper is to formulate an association ruleset to perform the attribution process in CTI. The Apriori algorithm is used to formulate the association ruleset in the association analysis process, known as the CTI Association Ruleset (CTI-AR). Interestingness measure indicators, specifically support (s), confidence (c) and lift (l), are used to measure the practicality and validity of the CTI-AR and to filter it. The results showed that CTI-AR effectively identifies the attributes, the relationships between attributes and the attribution-level group of cyberattacks in CTI. This research has high potential to be expanded into the cyber threat hunting process, providing a more proactive cybersecurity environment.

    Discovering Cyber Terrorism Using Trace Pattern

    Nowadays, as the number of Internet users has increased, the number of cyber threats has also increased. The Internet has provided a medium for criminals to commit crime and has become the target for cyber terrorists to spread their negative propaganda and promote extreme activities. One of these crimes is cyber terrorism. Cyber terrorism has become more sophisticated, and it is difficult to discover its activities. Hence, this paper proposes a tracing technique for discovering cyber terrorism based on trace patterns. A trace pattern represents the behaviour and activities of cyber terrorism. Cyber terrorists' websites are used as the datasets. Using the tracing technique, cyber terrorists' activities are identified by extracting the traces and classifying them according to the keywords usually used by terrorists. Then, the traces are linked with the cyber terrorism components in order to identify the relationships between them. Using the trace pattern, a verification process is conducted to verify the traces in order to identify cyber terrorism activities and potential terrorists. This trace pattern can be used to facilitate the forensic investigation process in discovering cyber terrorism activities.