Title: E-Secure: An Automated Behavior Based Malware Detection System for Corporate E-Mail Traffic
Authors: Thebeyanthan, K.
Achsuthan, M.
Ashok, S.
Vaikunthan, P.
Senaratne, A. N
Abeywardena, K. Y
Keywords: Dynamic analysis
Malware
Behavior analysis
Cuckoo sandbox
Clustering
Identification
API calls
Risk analysis
Issue Date: 2-Nov-2018
Publisher: SAI 2018: Intelligent Computing
Citation: Thebeyanthan, K., Achsuthan, M., Ashok, S., Vaikunthan, P., Senaratne, A.N., Abeywardena, K.Y. (2019). E-Secure: An Automated Behavior Based Malware Detection System for Corporate E-Mail Traffic. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Intelligent Computing. SAI 2018. Advances in Intelligent Systems and Computing, vol 857. Springer, Cham. https://doi.org/10.1007/978-3-030-01177-2_77
Series/Report no.: Advances in Intelligent Systems and Computing; Vol. 857, Pages 1056-1071
Abstract: Over the years, cyber-attacks have become much more sophisticated, bringing new challenges to the cyber world. Cyber security is becoming one of the major concerns in the area of network security. In recent times attackers have found new ways to bypass the malware detection technologies used in the security domain. Static analysis of malware is no longer considered an effective method, given the rate at which new malware that bypasses static analysis is being produced. The first step in protecting a system is to have a deep knowledge of existing malware, the different types of malware, a method to detect the malware, and a method to counter the effects caused by it. E-Secure is a behavior-based malware detection system for corporate e-mail traffic. This paper proposes a malware security system to detect malicious files passed through the e-mail of a corporate network and, separately, files uploaded through a website for analysis. Since signature-based methods cannot identify sophisticated malware effectively, dynamic analysis is used to identify the malware. The Cuckoo Sandbox plays an important role in analyzing the behavior of malware, but it has no feature to extract that behavior, cluster it, and present the results graphically in a way that is easy to understand. An application programming interface is used to extract the behavior of the malware and to train the machines automatically by feeding in the extracted behavior. The K-Means algorithm is used to cluster the malware samples by shared behavior, and a further application programming interface is developed to illustrate the clusters graphically. After the training process is complete, when a new malware sample arrives, another application programming interface identifies its type. Risk analysis is used to state the criticality of each malware sample. The output of the whole process can be viewed through the E-Secure web interface, which helps even a junior network security administrator to understand the detected malware and how critical it is.
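The pipeline the abstract outlines (sandbox report, behavior extraction, K-Means clustering, identification of a new sample by its nearest cluster, and a risk rating) can be sketched end to end in a few dozen lines. The following is an added illustration written for this record, not E-Secure's own code or anything released by the authors. It only assumes the `behavior -> processes[] -> calls[] -> api` layout of a Cuckoo `report.json`; the six API-call traces, the per-API risk weights, the criticality thresholds, and the farthest-first seeding of K-Means are all constructed for the example.

```python
"""Toy behaviour-based pipeline in the style the abstract describes.

Added illustration, not E-Secure's code. The report layout follows the
behavior -> processes[] -> calls[] -> api path of a Cuckoo report.json; the
sample traces, the risk weights and the thresholds are constructed.
"""
import math
from collections import Counter

# Constructed API-call traces standing in for six sandboxed attachments.
SAMPLE_TRACES = {
    "dropper_a": ["CreateFileW", "WriteFile", "CreateProcessW", "WriteFile", "CreateFileW"],
    "dropper_b": ["CreateFileW", "WriteFile", "CreateProcessW", "CreateFileW"],
    "ransom_a": ["FindFirstFileW", "CryptEncrypt", "WriteFile", "CryptEncrypt", "DeleteFileW"],
    "ransom_b": ["FindFirstFileW", "CryptEncrypt", "CryptEncrypt", "CryptEncrypt", "DeleteFileW"],
    "beacon_a": ["InternetOpenA", "InternetConnectA", "HttpSendRequestA", "Sleep", "HttpSendRequestA"],
    "beacon_b": ["InternetOpenA", "HttpSendRequestA", "Sleep", "Sleep", "HttpSendRequestA"],
}

# Constructed per-API risk weights; a real deployment would derive these
# from the organisation's own risk analysis.
RISK_WEIGHTS = {"CryptEncrypt": 5, "DeleteFileW": 3, "CreateProcessW": 2,
                "HttpSendRequestA": 2, "WriteFile": 1}


def make_report(api_calls):
    """Wrap an API trace in a minimal Cuckoo-style report dict."""
    calls = [{"api": name} for name in api_calls]
    return {"behavior": {"processes": [{"process_name": "sample.exe", "calls": calls}]}}


def extract_api_counts(report):
    """Behaviour extraction: count every API call across all processes."""
    counts = Counter()
    for proc in report.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            counts[call["api"]] += 1
    return counts


def vectorize(counts, vocab):
    """Fixed-order, unit-length frequency vector so trace length does not dominate."""
    vec = [float(counts.get(api, 0)) for api in vocab]
    norm = math.sqrt(sum(x * x for x in vec)) or 1.0
    return [x / norm for x in vec]


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(vectors, k, iterations=100):
    """Plain Lloyd k-means with deterministic farthest-first seeding (a choice made here)."""
    centroids = [vectors[0]]
    while len(centroids) < k:
        centroids.append(max(vectors, key=lambda v: min(euclid(v, c) for c in centroids)))
    assign = []
    for _ in range(iterations):
        assign = [min(range(k), key=lambda c: euclid(v, centroids[c])) for v in vectors]
        updated = []
        for c in range(k):
            members = [v for v, a in zip(vectors, assign) if a == c]
            updated.append([sum(col) / len(members) for col in zip(*members)] if members else centroids[c])
        if updated == centroids:  # assignments stable, so centroids stop moving
            break
        centroids = updated
    return centroids, assign


def train(traces, k):
    """Build the vocabulary and clusters from known samples; returns the model."""
    reports = {name: make_report(t) for name, t in traces.items()}
    counts = {name: extract_api_counts(r) for name, r in reports.items()}
    vocab = sorted({api for c in counts.values() for api in c})
    names = list(counts)
    centroids, assign = kmeans([vectorize(counts[n], vocab) for n in names], k)
    return {"vocab": vocab, "centroids": centroids, "labels": dict(zip(names, assign))}


def classify(report, model):
    """Identification step: nearest centroid for a newly arrived sample."""
    vec = vectorize(extract_api_counts(report), model["vocab"])
    return min(range(len(model["centroids"])), key=lambda c: euclid(vec, model["centroids"][c]))


def risk(report):
    """Risk analysis: weighted API count mapped to a criticality band."""
    counts = extract_api_counts(report)
    score = sum(RISK_WEIGHTS.get(api, 0) * n for api, n in counts.items())
    band = "high" if score >= 10 else "medium" if score >= 5 else "low"
    return score, band


if __name__ == "__main__":
    model = train(SAMPLE_TRACES, k=3)
    new = make_report(["FindFirstFileW", "CryptEncrypt", "DeleteFileW", "CryptEncrypt"])
    print("clusters:", model["labels"])
    print("new sample -> cluster", classify(new, model), "risk", risk(new))
```

The vectors are normalised so that a long trace of benign file I/O does not swamp a short trace containing one encryption loop; with real Cuckoo reports the vocabulary would run to hundreds of APIs and the risk weights would come from the risk analysis the paper describes rather than a hard-coded table.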
URI: http://rda.sliit.lk/handle/123456789/2081
ISBN: 978-3-030-01177-2
Appears in Collections: Department of Computer Systems Engineering-Scopes
Research Papers - Dept of Computer Systems Engineering
Research Papers - SLIIT Staff Publications