Authors:
Jayalaxmi P. L. S., Chakraborty Manali, Saha Rahul, Kumar Gulshan, Conti Mauro
Abstract
Malware remains a persistent threat to industrial operations, causing disruptions and financial losses. Traditional malware detection approaches struggle with rising rates of false positives and false negatives. Moreover, existing Intrusion Detection Systems (IDSs) often lack the capability to assess the severity of detected malware, which is crucial for effective threat mitigation. This paper presents a novel model, MAlware DEtection and Severity Analysis for eNcrypted Traffic (MADESANT), designed to detect malware in encrypted traffic data and analyze its severity. MADESANT combines Deep Learning (DL)-based intrusion detection with Machine Learning (ML)-based severity analysis, specifically customized for the particularities of IoT systems and assets. Notably, MADESANT introduces a cascading model that integrates a Cascading Forward Back Propagation Neural Network (CFBPNN) with the J48 tree to systematically assess risk factors in network traffic. Our evaluation, conducted on diverse encrypted datasets including UNSW-NB15, IoT23, and XIIoTID, highlights the efficacy of MADESANT. It achieves a 0% false positive rate in detecting binary attack instances, surpassing benchmarks set by conventional models. Additionally, MADESANT excels at accurately estimating malware severity, providing insight into the factors that contribute to the risk. To further validate its efficiency, we compared MADESANT against prevalent Neural Network models such as FeedForward and Recurrent Neural Networks, with MADESANT emerging as the superior choice. The experimentation covers both the entire dataset and subsets generated through risk factor analysis. These results underscore MADESANT's ability not only to identify malware but also to evaluate its potential impact, signifying a significant step forward in industrial cybersecurity.
Funder
Università degli Studi di Padova
Publisher
Springer Science and Business Media LLC