Malware detection at the network infrastructure level is still an open research problem, considering the evolution of malware and the high detection accuracy needed to detect these threats. Content-based classification techniques have been proven capable of detecting malware without matching against malware signatures. However, the performance of these classification techniques depends on the observed training samples. In this paper, a new detection method that incorporates Snort malware signatures into Naive Bayes model training is proposed. Through experimental work, we prove that the proposed method results in a small feature search space for effective detection at the packet level. This paper also demonstrates the viability of detecting malware at the stateless level (using packets) as well as at the stateful level (using the TCP byte stream). The results show that it is feasible to detect malware at the stateless level with similar accuracy to the stateful level, thus requiring minimal resources for implementation on middleboxes. Stateless detection can give better protection to end users by detecting malware on middleboxes without having to reconstruct stateful sessions and before the malware reaches the end users.