Detection of Cyber Malware Attack Based on Network Traffic Features Using Neural Network

Abstract

Various techniques have been developed to detect cyber malware attacks, such as behavior based method which utilizes the analysis of permissions and system calls made by a process. However, this technique cannot handle the types of malware that continue to evolve. Therefore, an analysis of other suspicious activities-namely network traffic or network traffic-need to be conducted. Network traffic acts as a medium for sending information used by malware developers to communicate with malware infecting a victim's device. Malware analyzed in this study is divided into 3 classes, namely adware, general malware, and benign. The malware classification implements 79 features extracted from network traffic flow and an analysis of these features using a Neural Network that matches the characteristics of a time-series feature. The total flow of network traffic used is 442,240 data. The results showed that 15 main features selected based on literature studies resulted in F-measure 0.6404 with hidden neurons 12, learning rate 0.1, and epoch 300. As a comparison, the researchers chose 12 features based on the nature of the malware possessed, with the F-measure score of 0.666 with hidden neurons 12, learning rate 0.05, and epoch 300. This study found the importance of data normalization technique to ensure that no feature was far more dominant than other features. It was concluded that the analysis of network traffic features using Neural Network can be used to detect cyber malware attacks and more features does not imply better detection performance, but real-time malware detection is required for network traffic on IoT devices and smartphones.