Neural Network with Principal Component Analysis for Malware Detection using Network Traffic Features

Date
2020
Author
Engel, Ventje Jeremias Lewi
Engel, Mychael Maoeretz
Joshua, Evan
Abstract
Network traffic acts as a medium for sending information used by hackers to communicate with malware on
the victim's device. Malware analysed in this study is divided into three classes, namely adware,
general malware, and benign. Malware classification uses 79 features extracted from network traffic
flows, and these features are analysed using a Neural Network and Principal Component Analysis (PCA). A
total of 442,240 network traffic flows are used. The evaluation of malware detection is based on
F-measure rather than the traditional accuracy metric. The literature feature set (15 features) produces an
F-measure of 0.6404, the researcher feature set (12 features) produces an F-measure of 0.6660, and the PCA
feature set (23 features) produces an F-measure of 0.7389. This shows that PCA can generate features that
give better results for malware detection with the Neural Network algorithm. Aside from the PCA result, it is shown
that using more features does not mean that the accuracy of malware detection will also increase. The
drawback of using PCA is the loss of interpretability. Further research is needed on the analysis of
combinations of network traffic features besides using PCA.
