A novel approach based on adaptive online analysis of encrypted traffic for identifying Malware in IIoT

Zequn Niu, Jingfeng Xue, Dacheng Qu, Yong Wang, Jun Zheng*, Hongfei Zhu

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

23 Citations (Scopus)

Abstract

The continuous emergence of new malware is a severe threat to the Industrial Internet of Things (IIoT), and identifying malware by detecting malicious traffic in streams that are encrypted, subject to concept drift, and class-imbalanced remains a challenge. This paper proposes an approach based on adaptive online analysis that accurately determines malware families from traffic streams that are encrypted, drifting, and imbalanced. The approach is built on Improved Adaptive Random Forests (IARF), which adaptively update their parameters when new types of malware traffic appear in the stream and remain sensitive to malware families that have few samples in imbalanced traffic. We build a prototype of this approach and evaluate its performance experimentally. The experiments use a mixed dataset composed of data from malware-traffic-analysis.net, Lastline Inc, the MCFP dataset, and the CTU-13 dataset. Our approach is also compared with three state-of-the-art methods. The experimental results show that we obtain a 99.66% F1-score in the classification of malware families, and that our classifier outperforms the other classifiers.

Original language: English
Pages (from-to): 162-174
Number of pages: 13
Journal: Information Sciences
Volume: 601
DOIs
Publication status: Published - Jul 2022

Keywords

  • Adaptive random forests
  • Encrypted traffic
  • IIoT
  • Malware
  • Online learning
