Research Article
Year 2024, Volume: 7 Issue: 2, 148 - 157, 18.12.2024
https://doi.org/10.54565/jphcfum.1579687

A Hybrid Method Based On A Genetic Algorithm That Uses Network Packets To Classify Spyware


Abstract

The spread of the Internet has been accompanied by cyber-attacks and malware. Malware installed on devices such as computers, phones, and tablets lets attackers access users' data. This study uses decision trees (DT) together with a genetic algorithm (GA), a meta-heuristic approach, to detect spyware, a category of malware, by analyzing network packets in a Windows operating system environment. A review of the literature shows that studies detecting spyware from network packets are scarce, which motivated this work. An experimental environment was set up using the laboratory facilities of Firat University, Faculty of Technology, Department of Forensic Informatics Engineering, and network packets were collected in it while various spyware applications were running. Features were extracted from the data set with the Tshark tool. The effectiveness of the meta-heuristic compared with the mathematical method of neighborhood component analysis (NCA) is demonstrated on the benchmark dataset; accordingly, a genetic algorithm (GA) was used to select the highest-weighted features among those extracted, and the selected features were classified with the decision tree (DT) algorithm. The results obtained are at the desired level for future studies.
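The pipeline the abstract describes (tshark-style packet features, GA feature selection, DT classification), as an added Python example that is not the authors' code. It assumes constructed feature rows labelled spyware/benign, uses Wireshark/tshark display-field names as feature labels, and stands in for the decision tree with a one-level threshold tree (a stump) so it runs without any ML library.

```python
import random
from functools import lru_cache

# Constructed tshark-style packet features (NOT real capture data): label 1 = spyware
# session traffic, 0 = ordinary browsing/DNS. frame.len separates the classes by design.
FEATURES = ["frame.len", "tcp.srcport", "tcp.dstport", "tcp.window_size", "ip.ttl"]
_gen = random.Random(7)
DATA = []
for _ in range(40):
    DATA.append(([_gen.randint(900, 1500), _gen.randint(49152, 65535), 443,
                  _gen.choice([64240, 65535]), 128], 1))
    DATA.append(([_gen.randint(60, 600), _gen.randint(49152, 65535),
                  _gen.choice([80, 443, 53]), _gen.choice([64240, 65535]),
                  _gen.choice([64, 128])], 0))

@lru_cache(maxsize=None)
def stump_accuracy(feat):
    """Accuracy of the best one-level decision tree (threshold split) on one feature."""
    best = 0.0
    for t in sorted({x[feat] for x, _ in DATA}):
        for pos in (0, 1):  # which side of the threshold is labelled spyware
            correct = sum((pos if x[feat] >= t else 1 - pos) == y for x, y in DATA)
            best = max(best, correct / len(DATA))
    return best

def fitness(mask):
    """GA objective: best DT-stump accuracy over the selected features, minus a small
    penalty per selected feature so that smaller subsets win ties."""
    chosen = [i for i, bit in enumerate(mask) if bit]
    if not chosen:
        return 0.0
    return max(stump_accuracy(i) for i in chosen) - 0.01 * len(chosen)

def ga_select(n_feat, pop_size=12, gens=20, p_mut=0.1, seed=1):
    """Binary-mask GA: truncation selection, one-point crossover, bit-flip mutation."""
    rng = random.Random(seed)
    pop = [[rng.randint(0, 1) for _ in range(n_feat)] for _ in range(pop_size)]
    for _ in range(gens):
        parents = sorted(pop, key=fitness, reverse=True)[: pop_size // 2]
        children = []
        while len(parents) + len(children) < pop_size:
            a, b = rng.sample(parents, 2)
            cut = rng.randint(1, n_feat - 1)
            child = a[:cut] + b[cut:]
            children.append([1 - g if rng.random() < p_mut else g for g in child])
        pop = parents + children
    return max(pop, key=fitness)

def selected_names(mask):
    return [name for name, bit in zip(FEATURES, mask) if bit]

if __name__ == "__main__":
    best = ga_select(len(FEATURES))
    print(selected_names(best), round(fitness(best), 3))
```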

Project Number

1919B012219445

Thanks

TUBITAK


Details

Primary Language English
Subjects Bioinformatics and Computational Biology (Other), Functional Materials, Materials Engineering (Other)
Journal Section Articles
Authors

İrfan Kılıç 0000-0001-5079-2825

Orhan Yaman 0000-0001-9623-2284

Edanur Erdoğan 0009-0005-0383-403X

Melisa İrem Aslan 0009-0005-2734-8159

Project Number 1919B012219445
Publication Date December 18, 2024
Submission Date November 5, 2024
Acceptance Date November 10, 2024
Published in Issue Year 2024 Volume: 7 Issue: 2

Cite

APA Kılıç, İ., Yaman, O., Erdoğan, E., Aslan, M. İ. (2024). A Hybrid Method Based On A Genetic Algorithm That Uses Network Packets To Classify Spyware. Journal of Physical Chemistry and Functional Materials, 7(2), 148-157. https://doi.org/10.54565/jphcfum.1579687
AMA Kılıç İ, Yaman O, Erdoğan E, Aslan Mİ. A Hybrid Method Based On A Genetic Algorithm That Uses Network Packets To Classify Spyware. Journal of Physical Chemistry and Functional Materials. December 2024;7(2):148-157. doi:10.54565/jphcfum.1579687
Chicago Kılıç, İrfan, Orhan Yaman, Edanur Erdoğan, and Melisa İrem Aslan. “A Hybrid Method Based On A Genetic Algorithm That Uses Network Packets To Classify Spyware”. Journal of Physical Chemistry and Functional Materials 7, no. 2 (December 2024): 148-57. https://doi.org/10.54565/jphcfum.1579687.
EndNote Kılıç İ, Yaman O, Erdoğan E, Aslan Mİ (December 1, 2024) A Hybrid Method Based On A Genetic Algorithm That Uses Network Packets To Classify Spyware. Journal of Physical Chemistry and Functional Materials 7 2 148–157.
IEEE İ. Kılıç, O. Yaman, E. Erdoğan, and M. İ. Aslan, “A Hybrid Method Based On A Genetic Algorithm That Uses Network Packets To Classify Spyware”, Journal of Physical Chemistry and Functional Materials, vol. 7, no. 2, pp. 148–157, 2024, doi: 10.54565/jphcfum.1579687.
ISNAD Kılıç, İrfan et al. “A Hybrid Method Based On A Genetic Algorithm That Uses Network Packets To Classify Spyware”. Journal of Physical Chemistry and Functional Materials 7/2 (December 2024), 148-157. https://doi.org/10.54565/jphcfum.1579687.
JAMA Kılıç İ, Yaman O, Erdoğan E, Aslan Mİ. A Hybrid Method Based On A Genetic Algorithm That Uses Network Packets To Classify Spyware. Journal of Physical Chemistry and Functional Materials. 2024;7:148–157.
MLA Kılıç, İrfan et al. “A Hybrid Method Based On A Genetic Algorithm That Uses Network Packets To Classify Spyware”. Journal of Physical Chemistry and Functional Materials, vol. 7, no. 2, 2024, pp. 148-57, doi:10.54565/jphcfum.1579687.
Vancouver Kılıç İ, Yaman O, Erdoğan E, Aslan Mİ. A Hybrid Method Based On A Genetic Algorithm That Uses Network Packets To Classify Spyware. Journal of Physical Chemistry and Functional Materials. 2024;7(2):148-57.