Chi-Kuan Chiu, Te-En Wei, Hsiao-Hsien Chang, Ching-Hao Mao
{"title":"Counterfeit Fingerprint Detection of Outbound HTTP Traffic with Recurrent Neural Network","authors":"Chi-Kuan Chiu, Te-En Wei, Hsiao-Hsien Chang, Ching-Hao Mao","doi":"10.23919/ICACT.2019.8701951","DOIUrl":null,"url":null,"abstract":"Most of malwares usually hide their malicious activities into HTTP protocol, such as communicating with the C&C server or accessing some malicious webpages. The previous detection system is mainly based on the blacklist. With the advancement of technology, there are many ways can easily available to evade detection system nowadays, e.g., spoofing the HTTP headers. However, the stealthiest malware still needs to communicate with the destination point. This paper aims to provide a detection system to detect these stealthily malicious activities. Consider machine-learning classifiers with manually handled features have been widely used in malicious URL detection. We propose an end-to-end deep learning framework to learn the URL embedding for application classifier from URL string. We apply the Recurrent Neural Network (RNN) to effectively keep the semantic meaning and sequential patterns in URL strings. The proposed approach is evaluated with real-world data from technology enterprise’s network and compare the performance with the state-of-the-art approach. The result shows that our approach achieves the accuracy rate to 99%, and even the counterfeit fingerprint’s detection reaches up to 100% while the comparison approach failed with the same scenario.","PeriodicalId":226261,"journal":{"name":"2019 21st International Conference on Advanced Communication Technology (ICACT)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 21st International Conference on Advanced Communication Technology (ICACT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/ICACT.2019.8701951","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Most of malwares usually hide their malicious activities into HTTP protocol, such as communicating with the C&C server or accessing some malicious webpages. The previous detection system is mainly based on the blacklist. With the advancement of technology, there are many ways can easily available to evade detection system nowadays, e.g., spoofing the HTTP headers. However, the stealthiest malware still needs to communicate with the destination point. This paper aims to provide a detection system to detect these stealthily malicious activities. Consider machine-learning classifiers with manually handled features have been widely used in malicious URL detection. We propose an end-to-end deep learning framework to learn the URL embedding for application classifier from URL string. We apply the Recurrent Neural Network (RNN) to effectively keep the semantic meaning and sequential patterns in URL strings. The proposed approach is evaluated with real-world data from technology enterprise’s network and compare the performance with the state-of-the-art approach. The result shows that our approach achieves the accuracy rate to 99%, and even the counterfeit fingerprint’s detection reaches up to 100% while the comparison approach failed with the same scenario.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
