نوع مقاله : مقاله پژوهشی
نویسندگان
1 دانشگاه امام حسین (ع)
2 علم و صنعت
3 دانشگاه علم و صنعت
چکیده
کلیدواژهها
عنوان مقاله [English]
نویسندگان [English]
Complex malwares which infiltrate systems in a country’s critical infrastructure with the purpose of destruction or espionage are major threats in cyber space. What is presented in this article is a smart solution to discover zero day worms which can be polymorphic and encrypted and their nature is still unknown to defense tools.To do this, we first outlined our desirable detector and then presented a solution based on data mining methods for detecting malicious extensions with the emphasis on worm’s scanning feature, communication model of the infected hosts and the packets’ headers transmitted across the network.By clustering clean data, and using clean and contaminated data classifications, experimental samples and the C5 decision tree, we managed to present the best model with an accuracy of 94.49%, precision of 92.92%, and a recall of 94.70% in identifying infected packages from the clean ones. Finally, we also showed that the use of clustering in the patterns of clean hosts’ traffic could reach better results in identifying infected traffic.
کلیدواژهها [English]