Malware Detection by Analysing Network Traffic with Neural Networks

摘要

In order to evade network-traffic analysis, an increasing proportion of malware uses the encrypted HTTPS protocol. We study the problem of detecting malware on client computers based on HTTPS traffic analysis. Here, malware has to be detected based on the host address, timestamps, and data volume information of aggregated packets that are sent and received by all the applications on the client. We develop a scalable protocol that allows us to collect network flows of known malicious and benign applications as training data and derive a malware-detection method based on a neural language model and a long short-term memory (LSTM) network. We study the method's ability to detect new malware in a large-scale empirical study.