Neural Network with Principal Component Analysis for Malware Detection using Network Traffic Features

Ventje Jeremias Lewi Engel, Mychael Maoeretz Engel, Evan Joshua

2019

Abstract

Network traffic acts as the medium through which hackers communicate with malware on the victim's device. Malware analyzed in this study is divided into three classes, namely adware, general malware, and benign. Malware classification uses 79 features extracted from network traffic flows, and these features are analyzed with a Neural Network and Principal Component Analysis (PCA). The data set comprises 442,240 network traffic flows. Malware detection is evaluated by F-measure rather than the traditional accuracy metric. The literature feature set (15 features) produces an F-measure of 0.6404, the researcher feature set (12 features) produces an F-measure of 0.6660, and the PCA feature set (23 features) produces an F-measure of 0.7389. This result shows that PCA can generate features that give better malware detection results with the Neural Network algorithm. Aside from the PCA result, the study shows that using more features does not mean that the accuracy of malware detection will also increase. The drawback of using PCA is the loss of interpretability. Further research is needed on analyzing combinations of network traffic features by means other than PCA.



Paper Citation


in Harvard Style

Engel V., Engel M. and Joshua E. (2019). Neural Network with Principal Component Analysis for Malware Detection using Network Traffic Features. In Proceedings of the International Conferences on Information System and Technology - Volume 1: CONRIST, ISBN 978-989-758-453-4, pages 266-271. DOI: 10.5220/0009908902660271


in Bibtex Style

@conference{conrist19,
author={Ventje Jeremias Lewi Engel and Mychael Maoeretz Engel and Evan Joshua},
title={Neural Network with Principal Component Analysis for Malware Detection using Network Traffic Features},
booktitle={Proceedings of the International Conferences on Information System and Technology - Volume 1: CONRIST},
year={2019},
pages={266-271},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009908902660271},
isbn={978-989-758-453-4},
}


in EndNote Style

TY - CONF

JO - Proceedings of the International Conferences on Information System and Technology - Volume 1: CONRIST
TI - Neural Network with Principal Component Analysis for Malware Detection using Network Traffic Features
SN - 978-989-758-453-4
AU - Engel V.
AU - Engel M.
AU - Joshua E.
PY - 2019
SP - 266
EP - 271
DO - 10.5220/0009908902660271