Analysis of Malware Impact on Network Traffic using Behavior-based Detection Technique

Authors

  • Adib Fakhri Muhtadi Department of Information System, Telkom University, Indonesia
  • Ahmad Almaarif Vrije Universiteit Amsterdam, Netherlands

DOI:

https://doi.org/10.25008/ijadis.v1i1.14

Keywords:

malware, dynamic analysis, behavior-based analysis, network traffic, API Call network

Abstract

Malware is software or a computer program used to carry out malicious activity. It is made with the aim of harming the user's device: it can alter the user's data and consume bandwidth and other resources without the user's permission. Earlier research has identified types of malware and their effects, but it focused only on grouping the types of malware that attack via network traffic. This research analyzes the impact of malware on network traffic using a behavior-based detection technique. The technique analyzes malware by running malware samples in an analysis environment and monitoring the activities the samples cause. To obtain accurate results, the analysis retrieves both network API call information and network traffic activity. Analysis of the malware's network API calls yields the sequence of network API calls the malware uses. Analysis of the network traffic yields the malware's activities, obtained by examining the behavior of the malware's network traffic, its payload, and the throughput of the infected traffic. Finally, the network API call sequence used by the malware and the results of the network traffic analysis are analyzed together so that the impact of the malware on network traffic can be determined.



Published

2020-04-01

How to Cite

Muhtadi, A. F., & Almaarif, A. (2020). Analysis of Malware Impact on Network Traffic using Behavior-based Detection Technique. International Journal of Advances in Data and Information Systems, 1(1), 17-25. https://doi.org/10.25008/ijadis.v1i1.14
