Using XGBoost to Discover Infected Hosts Based on HTTP Traffic
Joint Authors
Niu, Weina
Zhang, Xiaosong
Li, Ting
Hu, Teng
Jiang, Tianyu
Wu, Heng
Source
Security and Communication Networks
Issue
Vol. 2019, Issue 2019 (31 Dec. 2019), pp.1-11, 11 p.
Publisher
Hindawi Publishing Corporation
Publication Date
2019-11-06
Country of Publication
Egypt
No. of Pages
11
Main Subjects
Information Technology and Computer Science
Abstract EN
In recent years, the number of malware and infected hosts has increased exponentially, which causes great losses to governments, enterprises, and individuals.
However, traditional technologies are difficult to timely detect malware that has been deformed, confused, or modified since they usually detect hosts before being infected by malware.
Host detection during malware infection can make up for their deficiency.
Moreover, the infected host usually sends a connection request to the command and control (C&C) server using the HTTP protocol, which generates malicious external traffic.
Thus, if the host is found to have malicious external traffic, the host may be a host infected by malware.
Based on the background, this paper uses HTTP traffic combined with eXtreme Gradient Boosting (XGBoost) algorithm to detect infected hosts in order to improve detection efficiency and accuracy.
The proposed approach uses a template automatic generation algorithm to generate feature templates for HTTP headers and uses XGBoost algorithm to distinguish between malicious traffic and normal traffic.
We conduct a performance analysis to demonstrate that our approach is efficient using dataset, which includes malware traffic from MALWARE-TRAFFIC-ANALYSIS.NET and normal traffic from UNSW-NB 15.
Experimental results show that the detection speed is about 1859 HTTP traffic per second, and the detection accuracy reaches 98.72%, and the false positive rate is less than 1%.
American Psychological Association (APA)
Niu, Weina& Li, Ting& Zhang, Xiaosong& Hu, Teng& Jiang, Tianyu& Wu, Heng. 2019. Using XGBoost to Discover Infected Hosts Based on HTTP Traffic. Security and Communication Networks،Vol. 2019, no. 2019, pp.1-11.
https://search.emarefa.net/detail/BIM-1210297
Modern Language Association (MLA)
Niu, Weina…[et al.]. Using XGBoost to Discover Infected Hosts Based on HTTP Traffic. Security and Communication Networks No. 2019 (2019), pp.1-11.
https://search.emarefa.net/detail/BIM-1210297
American Medical Association (AMA)
Niu, Weina& Li, Ting& Zhang, Xiaosong& Hu, Teng& Jiang, Tianyu& Wu, Heng. Using XGBoost to Discover Infected Hosts Based on HTTP Traffic. Security and Communication Networks. 2019. Vol. 2019, no. 2019, pp.1-11.
https://search.emarefa.net/detail/BIM-1210297
Data Type
Journal Articles
Language
English
Notes
Includes bibliographical references
Record ID
BIM-1210297