Neural Network with Principal Component Analysis for Malware Detection using Network Traffic Features

Abstract

Network traffic acts as a medium for sending information used by hackers to communicate with malware on the victim's device. Malware analysed in this study will be divided into three classes, namely adware, general malware, and benign. Malware classification will use 79 features extracted from network traffic flow, and analysis of these features will use Neural Network and Principal Component Analysis (PCA). The total flow of network traffic used is 442,240 data. The evaluation of malware detection is based on Fmeasure rather than traditional accuracy metric. The literature features set (15 features) produces an Fmeasure of 0.6404, the researcher features set (12 features) produces an F-measure of 0.6660, and the PCA features (23 features) produces an F-measure of 0.7389. This concludes that PCA can generate features that have better result for malware detection with Neural Network algorithm. Aside from PCA result, it is shown that more features used does not mean that the accuracy of malware detection will also increase. The drawback of using PCA is the loss of interpretability. Further research is needed on the analysis of the combination of network traffic features besides using PCA.