Top

Journal of Reliable Intelligent Environments

Published in:

31-10-2018 | Original Article

Experimenting and assessing machine learning tools for detecting and analyzing malicious behaviors in complex environments

Authors: Alfredo Cuzzocrea, Fabio Martinelli, Francesco Mercaldo, Giorgio Mario Grasso

Published in: Journal of Reliable Intelligent Environments | Issue 4/2018

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This paper proposes applying and experimentally assessing machine learning tools to solve security issues in complex environments, specifically identifying and analyzing malicious behaviors. To evaluate the effectiveness of machine learning algorithms to detect anomalies, we consider the following three real-world case studies: (i) detecting and analyzing Tor traffic, on the basis of a machine learning-based discrimination technique; (ii) identifying and analyzing CAN bus attacks via deep learning; (iii) detecting and analyzing mobile malware, with particular regard to ransomware in Android environments, by means of structural entropy-based classification. Derived observations confirm the effectiveness of machine learning in supporting security of complex environments.

previous article A survey on verification strategies for intelligent transportation systems

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

http://archive.wired.com/politics/security/news/2005/05/67542?currentPage=all.

http://www.csoonline.com/article/2131589/investigations-forensics/how-online-black-markets-work.html.

http://www.cs.waikato.ac.nz/ml/weka/.

http://www.unb.ca/cic/research/datasets/tor.html.

www.can.bosch.com.

https://sites.google.com/a/hksecurity.net/ocslab/Datasets/car-hacking-dataset.

http://www.cs.waikato.ac.nz/ml/weka/.

https://github.com/Waikato/wekaDeeplearning4j.

https://goo.gl/ht8Rqd.

https://goo.gl/C94swo.

https://goo.gl/t7UbkU.

https://goo.gl/iRJYfH.

http://www.cs.waikato.ac.nz/ml/weka/.

http://users.aber.ac.uk/rkj/book/wekafull.jar.

https://developers.virustotal.com/reference.

https://www.virustotal.com/.

Dissecting the android bouncer. https://jon.oberheide.org/files/summercon12-bouncer.pdf. Accessed 30 Jan 2015

Addision PS (2002) The illustrated wavelet transform handbook: introductory theory and applications in science, engineering, medicine and finance. Taylor & Francis Group, Abingdon

Al-Kahtani MS (2012) Survey on security attacks in vehicular ad hoc networks (vanets). In: 6th international conference on signal processing and communication systems (ICSPCS), 2012, pp 1–9.,IEEE

Al-rimy BAS, Maarof MA, Shaid SZM. (2018) Ransomware threat success factors, taxonomy, and countermeasures: a survey and research directions. Comput Secur

Andronio N, Zanero S, Maggi F (2015) Heldroid: dissecting and detecting mobile ransomware. In: International workshop on recent advances in intrusion detection, pp 382–404. Springer

Athanasiadis IN, Kaburlasos VG, Mitkas PA, Petridis V (2003) Applying machine learning techniques on air quality data for real-time decision support. In: ITEE. Citeseer

Baccouche M, Mamalet F, Wolf C, Garcia C, Baskurt A (2011) Sequential deep learning for human action recognition. In: International workshop on human behavior understanding, pp 29–39. Springer

Barker J, Hannay P, Szewczyk P (2011) Using traffic analysis to identify the second generation onion router. In: IFIP 9th international Conference on embedded and ubiquitous computing (EUC), 2011, pp 72–78. IEEE

Battista P, Mercaldo F, Nardone V, Santone A, Visaggio CA (2016) Identification of android malware families with model checking. In: Proceedings of the 2nd international conference on information systems security and privacy, ICISSP 2016, Rome, Italy, February 19–21, 2016, pp 542–547. SciTePress

10.

Baysa D, Low RM, Stamp M (2013) Structural entropy and metamorphic malware. J Comput Virol Hacking Tech 9(4):179–192CrossRef

11.

Bernardi ML, Cimitile M, Martinelli F, Mercaldo F (2018) Driver and path detection through time-series classification. J Adv Transp

12.

Borda M (2011) Fundamentals in information theory and coding. Springer

13.

Bouckaert RR. (2004) Bayesian network classifiers in weka

14.

Braun P, Cameron J, Cuzzocrea A, Jiang F, Leung C (2014) Effectively and efficiently mining frequent patterns from dense graph streams on disk. Proc Comput Sci 35:338–347CrossRef

15.

Canfora G, Mercaldo F, Visaggio CA (2013) A classifier of malicious android applications. In: Eighth international conference on availability, reliability and security (ARES), 2013, pp 607–614. IEEE

16.

Canfora G, Mercaldo F, Visaggio CA (2016) An hmm and structural entropy based detector for android malware: an empirical study. Comput Secur 61:1–18CrossRef

17.

Canfora G, Mercaldo F, Visaggio CA, Di Notte P (2014) Metamorphic malware detection using code metrics. Inform Secur J Glob Perspect 23(3):57–67CrossRef

18.

Cannataro M, Cuzzocrea A, Mastroianni C, Ortale R, Pugliese A (2002) Modeling adaptive hypermedia with an object-oriented approach and xml. In: Second international workshop on web dynamics

19.

Cannataro M, Cuzzocrea A, Pugliese A (2001) A probabilistic approach to model adaptive hypermedia systems. In: Proceedings of the international workshop for web dynamics, pp 12–30

20.

Chaabane A, Manils P, Kaafar MA (2010) Digging into anonymous traffic: a deep analysis of the tor anonymizing network. In: 4th International conference on network and system security (NSS), 2010, pp 167–174. IEEE

21.

Chakravarty S, Barbera MV, Portokalidis G, Polychronakis M, Keromytis AD (2014) On the effectiveness of traffic analysis against anonymity networks using flow records. In: PAM, pp 247–257. Springer

22.

Cimitile A, Martinelli F, Mercaldo F (2017) Machine learning meets ios malware: identifying malicious applications on apple environment. In: Proceedings of the 3rd international conference on information systems security and privacy, pp 487–492

23.

Cimitile A, Mercaldo F, Nardone V, Santone A, Visaggio CA (2017) Talos: no more ransomware victims with formal methods. Int J Inform Secur

24.

Cuzzocrea A (2006) Accuracy control in compressed multidimensional data cubes for quality of answer-based OLAP tools. In: 18th International conference on scientific and statistical database management, SSDBM 2006, 3–5 July 2006, Vienna, Austria, Proceedings, pp 301–310

25.

Cuzzocrea A (2006) Combining multidimensional user models and knowledge representation and management techniques for making web services knowledge-aware. Web Intell Agent Syst 4(3):289–312

26.

Cuzzocrea A (2006) Improving range-sum query evaluation on data cubes via polynomial approximation. Data Knowl Eng 56(2):85–121CrossRef

27.

Cuzzocrea A, Fortino G, Rana OF (2013) Managing data and processes in cloud-enabled large-scale sensor networks: state-of-the-art and future research directions. In: 13th IEEE/ACM international symposium on cluster, cloud, and grid computing, CCGrid 2013, Delft, Netherlands, May 13–16, 2013, pp 583–588

28.

Cuzzocrea A, Furfaro F, Greco S, Masciari E, Mazzeo GM, Saccà D (2005) A distributed system for answering range queries on sensor network data. In: 3rd IEEE conference on pervasive computing and communications workshops (PerCom 2005 Workshops), 8–12 March 2005, Kauai Island, HI, USA, pp 369–373

29.

Cuzzocrea A, Furfaro F, Saccà D (2009) Enabling OLAP in mobile environments via intelligent data cube compression techniques. J Intell Inf Syst 33(2):95–143CrossRef

30.

De Francesco N, Lettieri G, Santone A, Vaglini G (2014) Grease: a tool for efficient nonequivalence checking. ACM Trans Softw Eng Methodol 23(3):24CrossRef

31.

De Francesco N, Lettieri G, Santone A, Vaglini G (2016) Heuristic search for equivalence checking. Softw Syst Model 15(2):513–530CrossRef

32.

Ding L, Fang W, Luo H, Love PE, Zhong B, Ouyang X (2018) A deep hybrid learning model to detect unsafe behavior: integrating convolution neural networks and long short-term memory. Autom Constr 86:118–124CrossRef

33.

Dingledine R, Mathewson N, Syverson P (2004) Tor: the second-generation onion router. Tech. rep, DTIC Document

34.

Draper-Gil G, Lashkari AH, Mamun MSI, Ghorbani AA (2016) Characterization of encrypted and vpn traffic using time-related

35.

Ferrante A, Malek M, Martinelli F, Mercaldo F, Milosevic J (2017) Extinguishing ransomware-a hybrid approach to android ransomware detection. In: The 10th international symposium on foundations practice of security

36.

Friedman N, Geiger D, Goldszmidt M (1997) Bayesian network classifiers. Mach Learn 29(2–3):131–163CrossRef

37.

Gharib A, Ghorbani A (2017) Dna-droid: a real-time android ransomware detection framework. In: Yan Z, Molva R, Mazurczyk W, Kantola R (eds) Network and system security: 11th International conference, NSS 2017, Helsinki, Finland, August 21–23, 2017, Proceedings

38.

Goldszmidt M (2010) Bayesian network classifiers. Wiley encyclopedia of operations research and management science

39.

Gradara S, Santone A, Villani M, Vaglini G (2004) Model checking multithreaded programs by means of reduced models. Electr Notes Theor Comput Sci 110:55–74CrossRef

40.

He G, Yang M, Luo J, Gu X (2014) Inferring application type information from tor encrypted traffic. In: Second international Conference on advanced cloud and big data (CBD), 2014, pp 220–227. IEEE

41.

Holte RC (1993) Very simple classification rules perform well on most commonly used datasets. Mach Learn 11(1):63–90MathSciNetCrossRef

42.

Hühn J, Hüllermeier E (2009) Furia: an algorithm for unordered fuzzy rule induction. Data Min Knowl Discov 19(3):293–319MathSciNetCrossRef

43.

Ilisei I, Inkpen D, Pastor GC, Mitkov, R (2010) Identification of translationese: a machine learning approach. In: CICLing, vol 6008, pp 503–511. Springer

44.

Ishibuchi H, Yamamoto T (2004) Fuzzy rule selection by multi-objective genetic local search algorithms and rule evaluation measures in data mining. Fuzzy Sets Syst 141(1):59–88CrossRef

45.

Jayanthi S, Sasikala S (2013) Reptree classifier for identifying link spam in web search engines. IJSC 3(2):498–505CrossRef

46.

Jensen R, Cornelis C (2008) A new approach to fuzzy-rough nearest neighbour classification. In: International conference on rough sets and current trends in computing, pp 310–319. Springer

47.

Jensen R, Cornelis C (2011) Fuzzy-rough nearest neighbour classification. In: Transactions on rough sets XIII, pp 56–72. Springer

48.

Kwak BI, Woo J, Kim HK (2016) Know your master: driver profiling-based anti-theft method. In: PST 2016

49.

Lashkari AH, Gil GD, Mamun MSI, Ghorbani AA (2017) Characterization of tor traffic using time based features. In: Proceedings of the 3rd international conference on information systems security and privacy, vol 1, ICISSP,, pp 253–262. INSTICC, SciTePress

50.

Li KC, Jiang H, Yang LT, Cuzzocrea A (2015) Big data: algorithms, analytics, and applications, 1st edn. Chapman & Hall/CRC, Boca RatonMATH

51.

Lyda R, Hamrock J (2007) Using entropy analysis to find encrypted and packed malware. Secur Priv IEEE 5(2):40–45CrossRef

52.

Maiorca D, Mercaldo F, Giacinto G, Visaggio CA, Martinelli F (2017) R-packdroid: Api package-based characterization and detection of mobile ransomware. In: Proceedings of the symposium on applied computing, pp 1718–1723. ACM

53.

Martinelli F, Marulli F, Mercaldo F (2017) Evaluating convolutional neural network for effective mobile malware detection. Proc Comput Sci 112:2372–2381CrossRef

54.

Martinelli F, Mercaldo F, Nardone V, Orlando A, Santone A (2018) Whos driving my car? a machine learning based approach to driver identification. In: ICISSP

55.

Martinelli F, Mercaldo F, Nardone V, Santone A (2017) Car hacking identification through fuzzy logic algorithms. In: IEEE International Conference on fuzzy systems (FUZZ-IEEE), IEEE

56.

McCoy D, Bauer K, Grunwald D, Kohno T, Sicker D (2008) Shining light in dark places: understanding the tor network. In: International symposium on privacy enhancing technologies symposium, pp 63–76. Springer

57.

Mercaldo F, Nardone V, Santone A (2016) Ransomware inside out. In: 11th International Conference on availability, reliability and security (ARES), 2016, pp 628–637. IEEE

58.

Mercaldo F, Nardone V, Santone A (2017) Diabetes mellitus affected patients classification and diagnosis through machine learning techniques. Proc Comput Sci 112(C):2519–2528CrossRef

59.

Mercaldo F, Nardone V, Santone A, Visaggio CA (2016) Ransomware steals your phone. Formal methods rescue it. In: International conference on formal techniques for distributed objects, components, and systems, pp 212–221. Springer

60.

Mercaldo F, Visaggio CA, Canfora G, Cimitile A (2016) Mobile malware detection in the real world. In: IEEE/ACM international conference on software engineering companion (ICSE-C), pp 744–746. IEEE

61.

Mitchell TM (1999) Machine learning and data mining. Commun ACM 42(11):30–36CrossRef

62.

Pérez JM, Muguerza J, Arbelaitz O, Gurrutxaga I, Martín JI (2007) Combining multiple class distribution modified subsamples in a single tree. Pattern Recognit Lett 28(4):414–422CrossRef

63.

Quinlan R (1993) C4.5: programs for machine learning. Morgan Kaufmann Publishers, San Mateo

64.

Rajput A, Aharwal RP, Dubey M, Saxena S, Raghuvanshi M (2011) J48 and jrip rules for e-governance data. Int J Comput Sci Secur 5(2):201

65.

Samara G, Al-Salihy WA, Sures R (2010) Security issues and challenges of vehicular ad hoc networks (vanet). In: 4th International Conference on new trends in information science and service science (NISS), 2010, pp 393–398. IEEE

66.

Schmidhuber J (2015) Deep learning in neural networks: an overview. Neural Netw 61:85–117CrossRef

67.

Shahzad W, Asad S, Khan MA (2013) Feature subset selection using association rule mining and jrip classifier. Int J Phys Sci 8(18):885–896CrossRef

68.

Snader R, Borisov N (2008) A tune-up for tor: improving security and performance in the tor network. In: ndss, vol 8, p 127

69.

Song S, Kim B, Lee S (2016) The effective ransomware prevention technique using process monitoring on android platform. Mobile Inform Syst

70.

Sorokin I (2011) Comparing files using structural entropy. J Comput Virol Hacking Tech 7(4):259–265MathSciNetCrossRef

71.

Srinivasan DB, Mekala P (2014) Mining social networking data for classification using reptree. Int J Adv Res Comput Sci Manag Stud 2(10)

72.

Syverson P, Tsudik G, Reed M, Landwehr C (2001) Towards an analysis of onion routing security. In: Designing privacy enhancing technologies. Springer, pp 96–114

73.

Ugarte-Pedrero X, Santos I, Sanz B, Laorden C, Bringas PG (2012) Countering entropy measure attacks on packed software detection. In: The 9th annual IEEE consumer communications and networking conference—security and content protection, pp 164–168

74.

Villarrubia G, De Paz JF, Chamoso P, De la Prieta F (2018) Artificial neural networks used in optimization problems. Neurocomputing 272:10–16CrossRef

75.

Webb G (1999) Decision tree grafting from the all-tests-but-one partition. Morgan Kaufmann, San Francisco

76.

Wu X, Kumar V, Quinlan JR, Ghosh J, Yang Q, Motoda H, McLachlan GJ, Ng A, Liu B, Philip SY (2008) Top 10 algorithms in data mining. Knowl Inform Syst 14(1):1–37CrossRef

77.

Xiao X, Zhang S, Mercaldo F, Hu G, Sangaiah AK (2017) Android malware detection based on system call sequences and lstm. Multimed Tools Appl 1–21

78.

Yang T, Yang Y, Qian K, Lo DCT, Qian Y, Tao L (2015) Automated detection and analysis for android ransomware. In: IEEE 17th international conference on high performance computing and communications, IEEE 7th international symposium on cyberspace safety and security, IEEE 12th international conference on embedded software and systems, pp 1338–1343. IEEE

79.

Zhou Y, Jiang X (2012) Dissecting android malware: characterization and evolution. In: IEEE symposium on security and privacy (SP), 2012, pp 95–109. IEEE

Title: Experimenting and assessing machine learning tools for detecting and analyzing malicious behaviors in complex environments
Authors: Alfredo Cuzzocrea
Fabio Martinelli
Francesco Mercaldo
Giorgio Mario Grasso
Publication date: 31-10-2018
Publisher: Springer International Publishing
Published in: Journal of Reliable Intelligent Environments / Issue 4/2018
Print ISSN: 2199-4668
Electronic ISSN: 2199-4676
DOI: https://doi.org/10.1007/s40860-018-0072-3

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 4/2018

A survey on verification strategies for intelligent transportation systems

User expectations in intelligent environments

Editorial

A novel digital twin-centric approach for driver intention prediction and traffic congestion avoidance

Premium Partner