MADESANT: malware detection and severity analysis in industrial environments

Author:

Jayalaxmi P. L. S., Chakraborty Manali, Saha Rahul, Kumar Gulshan, Conti Mauro

Abstract

Malware remains a persistent threat to industrial operations, causing disruptions and financial losses. Traditional malware detection approaches struggle with the increasing complexity of false positives and negatives. Moreover, existing Intrusion Detection Systems (IDSs) often lack the capability to assess the severity of detected malware, which is crucial for effective threat mitigation. This paper presents a novel model, MAlware DEtection and Severity Analysis for eNcrypted Traffic (MADESANT), designed to detect malware in encrypted traffic data and analyze its severity. MADESANT combines Deep Learning (DL)-based intrusion detection with Machine Learning (ML)-based severity analysis, specifically customized for the minutiae of IoT systems and assets. Notably, MADESANT introduces a cascading model integrating a Cascading Forward Back Propagation Neural Network (CFBPNN) with the J48 tree to systematically assess risk factors in network traffic. Our assessment, conducted on diverse encrypted datasets including UNSW-NB15, IoT23, and XIIoTID, highlights the efficacy of MADESANT. It achieves a 0% false positive rate in detecting binary attack instances, surpassing benchmarks set by conventional models. Additionally, MADESANT excels in accurately estimating malware severity, providing insights into the factors contributing to the risk. To further validate its efficiency, we compared MADESANT against prevalent Neural Network models such as FeedForward and Recurrent Neural Networks, with MADESANT emerging as the superior choice. The experimentation encompasses both the entire dataset and subsets generated through risk factor analysis. These results underscore MADESANT's ability not only to identify malware but also to evaluate its potential impact, signifying a significant step forward in industrial cybersecurity.

Funder

Università degli Studi di Padova

Publisher

Springer Science and Business Media LLC

