Detecting malicious network activity using flow data and learning automata
Malicious software has become an increasing problem for both businesses and home users. Traditional antivirus solutions are not always enough to detect an infection. As a result, many businesses are deploying Intrusion Detection Systems to gain an extra level of protection by analyzing the network traffic. Intrusion Detection Systems are resource hungry and may in some cases require more resources than are available. This means that some of the traffic will not be analyzed, and malicious software may be able to avoid detection. In some cases, laws and regulations may prevent you from inspecting the content of the network traffic, making it difficult to detect infected clients. In these scenarios a solution that does not depend on traffic content is a viable alternative. In this paper we propose a solution for detecting malicious software in a network with lower resource demands than a traditional Intrusion Detection System. The method uses only flow data when determining whether a client is infected or not. The decision is made using both learning automata and stochastic weak estimators. We have shown that it is possible to detect malicious software in a network without inspecting the content of the packets, and that this is achievable through the use of both learning automata and stochastic weak estimators.
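As an added illustration of the approach the abstract describes, not code from the thesis: each flow a client produces is reduced to a binary observation, a binomial stochastic weak estimator tracks the proportion of suspicious flows, and a two-action Tsetlin learning automaton turns that estimate into an infected/clean verdict that only flips after several consistent observations. The abstract does not state which flow features, parameter values or automaton the thesis uses, so the flow records, the "at most three packets" indicator, the value λ = 0.8, the threshold 0.5, the automaton depth of 3 and the way the two components are coupled are all assumptions made here.

```python
"""Flow-only infection scoring with a stochastic weak estimator and a
Tsetlin learning automaton.

Added illustration, not code from the thesis. The flow records, the
per-flow indicator, the parameter values and the pairing of the two
components are assumptions made here; the abstract does not specify them.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """Minimal NetFlow-style record: header-level counters only, no payload."""
    src: str
    dst: str
    dport: int
    packets: int


def suspicious(flow: Flow) -> int:
    """Per-flow observation x in {0, 1}. Assumed indicator: a flow carrying
    at most 3 packets, i.e. a connection that never exchanged real data."""
    return 1 if flow.packets <= 3 else 0


class StochasticWeakEstimator:
    """Binomial stochastic weak estimator (Oommen & Rueda):
        p <- lam * p + (1 - lam) * x,   0 < lam < 1.
    Unlike a running mean it never settles on a fixed value, so it keeps
    tracking the rate of suspicious flows when a client's behaviour changes."""

    def __init__(self, lam: float = 0.8, p0: float = 0.0):
        self.lam = lam
        self.p = p0  # assumed start: a new client is presumed clean

    def update(self, x: int) -> float:
        self.p = self.lam * self.p + (1.0 - self.lam) * x
        return self.p


class TsetlinAutomaton:
    """Two-action Tsetlin automaton with `depth` states per action.
    States 0..depth-1 select action 0 ("clean"); depth..2*depth-1 select
    action 1 ("infected"). A reward moves one state deeper into the current
    action, a penalty one state towards the other action, so the verdict only
    flips after `depth` consecutive penalties."""

    def __init__(self, depth: int = 3):
        self.depth = depth
        self.state = 0  # deepest "clean" state

    def action(self) -> int:
        return 0 if self.state < self.depth else 1

    def feedback(self, rewarded: bool) -> None:
        deeper = -1 if self.action() == 0 else 1
        step = deeper if rewarded else -deeper
        self.state = min(max(self.state + step, 0), 2 * self.depth - 1)


def score_clients(flows, lam=0.8, threshold=0.5, depth=3):
    """Feed flows in arrival order through one estimator and one automaton
    per source address. The automaton is rewarded when its verdict agrees
    with the estimator (p > threshold is read as "infected"). Returns, per
    client, the verdict, the final estimate and the flow count at which the
    verdict last flipped (None if it never did)."""
    estimators = defaultdict(lambda: StochasticWeakEstimator(lam))
    automata = defaultdict(lambda: TsetlinAutomaton(depth))
    seen = defaultdict(int)
    flip_after = {}
    for flow in flows:
        client = flow.src
        seen[client] += 1
        p = estimators[client].update(suspicious(flow))
        aut = automata[client]
        before = aut.action()
        aut.feedback(rewarded=((aut.action() == 1) == (p > threshold)))
        if aut.action() != before:
            flip_after[client] = seen[client]
    return {
        c: {
            "verdict": "infected" if automata[c].action() == 1 else "clean",
            "estimate": round(estimators[c].p, 8),
            "flip_after": flip_after.get(c),
        }
        for c in seen
    }


# Constructed sample flows (not captured traffic; documentation address
# ranges). 10.0.0.5 looks like an ordinary browsing host with one stray tiny
# flow; 10.0.0.9 starts normally, then fans out a burst of tiny flows.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "93.184.216.34", 443, 42),
    Flow("10.0.0.9", "93.184.216.34", 443, 37),
    Flow("10.0.0.5", "93.184.216.34", 80, 18),
    Flow("10.0.0.9", "203.0.113.7", 443, 55),
    Flow("10.0.0.5", "203.0.113.7", 443, 2),    # stray short flow (noise)
    Flow("10.0.0.9", "203.0.113.7", 80, 21),
    Flow("10.0.0.5", "203.0.113.7", 443, 64),
] + [
    Flow("10.0.0.9", f"198.51.100.{10 + i}", 8080, 1 + i % 2) for i in range(8)
] + [
    Flow("10.0.0.5", "93.184.216.34", 443, 30),
    Flow("10.0.0.5", "93.184.216.34", 443, 27),
]

if __name__ == "__main__":
    for client, result in score_clients(SAMPLE_FLOWS).items():
        print(client, result)
```

On the constructed input the estimator for 10.0.0.9 crosses 0.5 at its seventh flow, but the automaton waits for three consecutive penalties and only reports "infected" after the ninth; the single stray short flow from 10.0.0.5 moves its estimate to 0.2 and decays away without ever reaching the automaton. That separation of the noisy per-flow estimate from the verdict is the smoothing the automaton buys, and at no point is any packet payload read.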
Master's thesis in information and communication technology 2009 – Universitetet i Agder, Grimstad