A Highly Efficient Remote Access Trojan Detection Method

Wei Jiang (Beijing University of Technology, Chinese Academy of Cyberspace Studies, Beijing, China), Xianda Wu (Beijing University of Technology, Beijing, China), Xiang Cui (Guangzhou University, Guangzhou, China) and Chaoge Liu (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China)
Copyright: © 2019 | Pages: 13
DOI: 10.4018/IJDCF.2019100101

Abstract

Nowadays, machine learning is popular in remote access Trojan (RAT) detection, where it can learn patterns for decision-making. However, most research focuses on improving the detection rate and reducing the false negative rate, and therefore ignores the results on abnormal samples. In addition, most classifiers select several proprietary applications and RATs as their training set, which makes them difficult to adapt to the real environment. In this article, the authors address the issue of the imbalanced dataset between normal and RAT samples, and propose a highly efficient method of detecting RATs in real traffic. In the authors' method, they generate eight features by combining the size, the inter-arrival time and the flags of one packet sequence. Then, they preprocess the imbalanced dataset and implement a classifier using the XGBoost algorithm. The classifier achieves a false negative rate of less than 0.18%. Moreover, the authors demonstrate that their classifier is capable of detecting unknown RATs.
Article Preview

Based on the differences among RAT detection technologies, detection approaches can be divided into three categories: host-based detection, network-based detection (Adachi & Omote, 2016, Chawla et al., 2002, Chen & Guestrin, 2016, Fukushima et al., 2010, Liu et al., 2006) and hybrid approaches.
