Machine Learning and Network Traffic to Distinguish Between Malware and Benign Applications

  • Conference paper
  • Pervasive Knowledge and Collective Intelligence on Web and Social Media (PerSOM 2022)

Abstract

Virus detection software is widely used on servers, systems, and devices that need to maintain security and reliability. Although these programs provide a high level of protection, traditional defense methods fail to detect new malware. A more advanced approach predicts malicious behavior through dynamic analysis of the executed process. This paper presents a new method for detecting malware by applying machine learning algorithms to data obtained from the Cuckoo sandbox. The Cuckoo sandbox isolates the file under analysis and produces detailed dynamic analysis reports. The machine learning algorithms were compared and the most important features were identified. Results were obtained with six popular classifiers, including SVM, Random Forest, and LightGBM; the XGBoost algorithm achieved the highest accuracy, averaging 97%. However, research on machine learning-based malware analysis remains limited in terms of computational complexity and detection accuracy.

Author information

Corresponding author

Correspondence to Laith Abualigah.

Copyright information

© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Abualigah, L., Abualigah, S., Almahmoud, M., Forestiero, A., Sachdeva, G., Hanandeh, E.S. (2023). Machine Learning and Network Traffic to Distinguish Between Malware and Benign Applications. In: Comito, C., Talia, D. (eds) Pervasive Knowledge and Collective Intelligence on Web and Social Media. PerSOM 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 494. Springer, Cham. https://doi.org/10.1007/978-3-031-31469-8_7

  • DOI: https://doi.org/10.1007/978-3-031-31469-8_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-31468-1

  • Online ISBN: 978-3-031-31469-8

  • eBook Packages: Computer Science (R0)