Please use this identifier to cite or link to this item: https://ptsldigital.ukm.my/jspui/handle/123456789/513443
Title: Network-level behavioural malware analysis model based on Bayesian network
Authors: Mohammad Hafiz Mohd Yusof (P82825)
Supervisor: Rosmadi Mokhtar, Dr.
Keywords: Universiti Kebangsaan Malaysia -- Dissertations
Dissertations, Academic -- Malaysia
Bayesian network
Network-level behavioural
Neural networks (Computer science)
Issue Date: 22-Sep-2020
Description: Malware can be defined as malicious software that infiltrates a network and computer host in a variety of ways, from software flaws to social engineering. Because malware is polymorphic and stealthy, static signature-based analysis is no longer sufficient on its own; behavioural (anomaly) analysis offers a more dynamic approach. However, recent studies have shown that current network-level behavioural methods have several issues: an inability to predict zero-day attacks, high-level assumptions, non-inferential analysis and performance problems. Apart from performance, this study identifies two common characteristics that cause these problems: a reduced set of parameters, or instances, θ, and a lack of prior information p(θ). Earlier methods proposed to address these problems were still unable to resolve them. Given these shortcomings, the Bayesian Network, with its probabilistic modelling, is the best method to deal with them, as has also been proven in the areas of clinical expert systems, artificial intelligence and pattern recognition. One recent malware analysis study, Weaver (2015), applied Bayes' theorem in her model; however, that model has a limited set of directed conditional probabilities, which can lead to false alarms. Furthermore, its distribution density model is fixed, and only one feature, the IP address, is used to build the model. This study therefore aims, first, to determine a Feature Selection and Distribution Density Model that selects the optimal features and so improves the prediction of the behavioural analysis; second, to design a Predictive Analytics Model based on a Bayesian Network; and finally, to evaluate the detection rate, accuracy and false positive rate of the model against the state-of-the-art model on live network traffic.
The training dataset was used to fit an embedded feature selection method that combines the filter and wrapper methods, using the correlation coefficient r and a weighted score w_j. The selected features were further analysed with distribution functions β to find their maximum likelihood via the maximum likelihood function ℓ_max. The final selected features were then used to train a Bayesian Network classifier, which was tested on several test datasets and compared with other feature selection methods. This research contributes an optimised Feature Selection Model for malware analysis that incorporates both the Filter Method (FM) and the Wrapper Method (WM), and a Predictive Analytics Model built on a Bayesian Network. Results on a ground-truth dataset from Ramsay Sime Darby Healthcare (a Malaysian healthcare provider) indicate that, five months before the attack, the prediction model flagged 86% of the traffic as attack traffic with 100% accuracy. Against the NSL standard dataset, the detection rate is 100% with a 14% False Alarm Rate (FAR). In comparison with other methods, namely Support Vector Machine (SVM), k-Nearest Neighbour and Least Squares, and against a single-feature model selected by a Subject Matter Expert, the proposed method consistently outperforms the alternatives.
Degree: Ph.D
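The pipeline the abstract describes, as an added illustration (not the dissertation's code): an embedded feature-selection step that runs a filter (correlation coefficient r of each feature against the label) and then a wrapper (greedy forward selection scored by the classifier it induces), a Gaussian naive Bayes classifier, which is the simplest Bayesian network, whose per-class densities are maximum-likelihood fits, and an evaluation that reports detection rate and false alarm rate separately. The flow features, the constructed dataset, the Gaussian density model, the correlation threshold and the wrapper score (detection rate minus false alarm rate) are all assumptions of this example, not choices made in the thesis.

```python
import math
import random

# Constructed per-host flow features (assumed); ttl_jitter is pure noise so the filter has something to reject.
FEATURES = ["pkts_per_s", "bytes_per_pkt", "dst_ports", "syn_ratio", "ttl_jitter"]

def make_flows(n, seed=7):
    """Constructed dataset: label 1 = attack-like host (scan/flood profile), 0 = normal."""
    rng = random.Random(seed)
    rows = []
    for i in range(n):
        y = 1 if i % 3 == 0 else 0
        if y:
            x = [rng.gauss(900, 150), rng.gauss(80, 20), rng.gauss(120, 30),
                 rng.gauss(0.85, 0.08), rng.gauss(0, 1)]
        else:
            x = [rng.gauss(40, 15), rng.gauss(700, 200), rng.gauss(4, 2),
                 rng.gauss(0.10, 0.05), rng.gauss(0, 1)]
        rows.append((x, y))
    return rows

def pearson(xs, ys):
    """Correlation coefficient r between one feature column and the labels."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(xs, ys))
    sx = math.sqrt(sum((a - mx) ** 2 for a in xs))
    sy = math.sqrt(sum((b - my) ** 2 for b in ys))
    return 0.0 if sx == 0 or sy == 0 else cov / (sx * sy)

def filter_step(rows, r_min=0.3):
    """Filter method: keep features whose |r| with the label reaches r_min (threshold assumed)."""
    ys = [y for _, y in rows]
    r = {f: pearson([x[j] for x, _ in rows], ys) for j, f in enumerate(FEATURES)}
    return [f for f in FEATURES if abs(r[f]) >= r_min], r

class GaussianNB:
    """Naive Bayes network p(y) * prod_j p(x_j | y) over the selected columns;
    each p(x_j | y) is a Gaussian whose mean and variance are the ML estimates."""
    def __init__(self, idx):
        self.idx = idx  # column indices of the selected features

    def fit(self, rows):
        self.params = {}
        for c in (0, 1):
            sub = [x for x, y in rows if y == c]
            stats = []
            for j in self.idx:
                col = [x[j] for x in sub]
                mu = sum(col) / len(col)
                stats.append((mu, sum((v - mu) ** 2 for v in col) / len(col) + 1e-9))
            self.params[c] = (len(sub) / len(rows), stats)  # prior p(y=c), per-feature (mu, var)
        return self

    def log_posterior(self, x, c):
        prior, stats = self.params[c]
        lp = math.log(prior)
        for j, (mu, var) in zip(self.idx, stats):
            lp -= 0.5 * math.log(2 * math.pi * var) + (x[j] - mu) ** 2 / (2 * var)
        return lp

    def predict(self, x):
        return 1 if self.log_posterior(x, 1) > self.log_posterior(x, 0) else 0

def evaluate(model, rows):
    """(detection rate TP/(TP+FN), false alarm rate FP/(FP+TN)) on labelled rows."""
    hits = [(y, model.predict(x)) for x, y in rows]
    tp = sum(p for y, p in hits if y == 1)
    fp = sum(p for y, p in hits if y == 0)
    n_att = sum(1 for y, _ in hits if y == 1)
    n_norm = len(hits) - n_att
    return tp / max(n_att, 1), fp / max(n_norm, 1)

def wrapper_step(candidates, train, val):
    """Wrapper method: greedy forward selection; each candidate set is scored by the
    classifier it induces, w = detection rate - false alarm rate on val (score assumed)."""
    chosen, best = [], -1.0
    while True:
        trial = []
        for f in candidates:
            if f not in chosen:
                idx = [FEATURES.index(g) for g in chosen + [f]]
                det, far = evaluate(GaussianNB(idx).fit(train), val)
                trial.append((det - far, f))
        if not trial or max(trial)[0] <= best:
            break  # no candidate improves the score: stop adding features
        best, f = max(trial)
        chosen.append(f)
    return chosen, best

def run_pipeline():
    """Split the constructed flows, then filter -> wrapper -> Bayes classifier -> test metrics."""
    rows = make_flows(600)
    train, val, test = rows[:300], rows[300:450], rows[450:]
    kept, r = filter_step(train)
    chosen, w = wrapper_step(kept, train, val)
    det, far = evaluate(GaussianNB([FEATURES.index(f) for f in chosen]).fit(train), test)
    return {"r": r, "filtered": kept, "chosen": chosen, "wrapper_score": w,
            "detection_rate": det, "false_alarm_rate": far}
```

With the constructed data every discriminative feature separates the two classes on its own, so the forward selection stops after one feature; on real traffic the wrapper is where a feature that passes the correlation filter but adds false alarms gets rejected, which is the reason for combining the two methods. The example also keeps detection rate and FAR as separate figures, as the abstract does: a model can reach 100% detection and a 14% FAR at the same time, and only the pair tells an operator how many alerts per benign host to expect.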
Pages: 183
Publisher: UKM, Bangi
Appears in Collections:Faculty of Information Science and Technology / Fakulti Teknologi dan Sains Maklumat

Files in This Item:
ukmvital_130948+Source01+Source010.PDF (Adobe PDF, 2.24 MB, Restricted Access)

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.