IDS Malicious Flow Classification

Authors
I-Hsien Liu¹, Cheng-Hsiang Lo¹, Ta-Che Liu¹, Jung-Shian Li¹,*, Chuan-Gang Liu², Chu-Fen Li³
¹ Department of Electrical Engineering/Institute of Computer and Communication Engineering, National Cheng Kung University, Tainan City 70101, Taiwan
² Department of Applied Informatics and Multimedia, Chia-Nan University of Pharmacy and Science, Tainan City 71710, Taiwan
³ Department of Finance, National Formosa University, Yunlin County 632, Taiwan
*Corresponding author. Email: [email protected]
Corresponding Author
Jung-Shian Li
Received 22 October 2019, Accepted 24 April 2020, Available Online 2 June 2020.
DOI
https://doi.org/10.2991/jrnal.k.200528.006
Keywords
NIDS; dynamic analysis; deep learning
Abstract
We present two kinds of experiments, one Network-based Intrusion Detection System (NIDS)-based and one based on dynamic analysis, to show how artificial intelligence helps us detect and classify malware. For the NIDS, we use CICIDS2017 as the research dataset, embed the high-dimensional features, and use the Random Forest algorithm to find redundant features in the raw dataset, reaching 99.93% accuracy and a false alert rate of 0.3%. We extract the function calls in malware data with the method proposed in this paper to generate text data. The n-gram and Term Frequency-Inverse Document Frequency (TF-IDF) algorithms are used to process the text data and convert it into numeric features; with another feature selection method, we reduce the training time, achieving 87.08% accuracy and saving 87.97% of the training time in the dynamic-based analysis.
Copyright
© 2020 The Authors. Published by ALife Robotics Corp. Ltd.
Open Access
This is an open access article distributed under the CC BY-NC 4.0 license (http://creativecommons.org/licenses/by-nc/4.0/).

