| dc.description.abstract | Various techniques have been developed to detect
cyber malware attacks, such as behavior based method which
utilizes the analysis of permissions and system calls made by a
process. However, this technique cannot handle the types of
malware that continue to evolve. Therefore, an analysis of other
suspicious activities – namely network traffic or network traffic –
need to be conducted. Network traffic acts as a medium for
sending information used by malware developers to communicate
with malware infecting a victim's device. Malware analyzed in
this study is divided into 3 classes, namely adware, general
malware, and benign. The malware classification implements 79
features extracted from network traffic flow and an analysis of
these features using a Neural Network that matches the
characteristics of a time-series feature. The total flow of network
traffic used is 442,240 data. The results showed that 15 main
features selected based on literature studies resulted in F-measure
0.6404 with hidden neurons 12, learning rate 0.1, and epoch 300.
As a comparison, the researchers chose 12 features based on the
nature of the malware possessed, with the F-measure score of
0.666 with hidden neurons 12, learning rate 0.05, and epoch 300.
This study found the importance of data normalization technique
to ensure that no feature was far more dominant than other
features. It was concluded that the analysis of network traffic
features using Neural Network can be used to detect cyber
malware attacks and more features does not imply better
detection performance, but real-time malware detection is
required for network traffic on IoT devices and smartphones. | en_US |
