  •   Open Research
  • AUT Faculties
  • Faculty of Design and Creative Technologies (Te Ara Auaha)
  • School of Engineering, Computer and Mathematical Sciences - Te Kura Mātai Pūhanga, Rorohiko, Pāngarau

Exploring Malware Behavior of Webpages Using Machine Learning Technique: An Empirical Study

Alwaghid, AF; Sarkar, NI
Permanent link
http://hdl.handle.net/10292/13479
Abstract
Malware is one of the most common security threats experienced by a user when browsing web pages. A good understanding of the features of web pages (e.g., internet protocol, port, URL, Google index, and page rank) is required to analyze and mitigate the behavior of malware in web pages. The main objective of this paper is to analyze the key features of web pages and to mitigate the behavior of malware in web pages. To this end, we conducted an empirical study to identify the features that are most vulnerable to malware attacks, and we report its results. To improve the feature selection accuracy, a machine learning technique called bagging is employed using the Weka program. To analyze these behaviors, phishing and botnet data were obtained from the University of California Irvine machine learning repository. We validate our research findings by applying honeypot infrastructure using the Modern Honeypot Network (MHN) setup in a Linode Server. As the data suffer from high variance in terms of the type of data in each row, bagging is chosen because it can classify binary classes, date classes, missing values, nominal classes, numeric classes, unary classes and empty classes. As the base classifier of bagging, random tree was applied because it can handle the same types of data as bagging and is faster and more accurate than other classifiers. Random tree had 88.22% test accuracy with the lowest run time (0.2 sec) and a receiver operating characteristic curve of 0.946. Results show that all features in the botnet dataset are equally important to identify the malicious behavior, as all scored more than 97%, with the exception of TCP and UDP. The accuracy of phishing and botnet datasets is more than 89% on average in both cross validation and test analysis. Recommendations are made for the best practice that can assist in future malware identification.
Keywords
Ensemble method; Malicious software; Bagging; Random tree; Feature selection
Date
June 23, 2020
Source
Electronics 2020, 9(6), 1033; https://doi.org/10.3390/electronics9061033
Item Type
Journal Article
Publisher
MDPI AG
DOI
10.3390/electronics9061033
Publisher's Version
https://www.mdpi.com/2079-9292/9/6/1033
Rights Statement
© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

Hosted by Tuwhera, an initiative of the Auckland University of Technology Library

 

 
