A RAT Detection Method by Using Packet Entropy on Early Intrusion Stage
Masahiro ISHII, Masumi UNO, Atsuo INOMATA, Ismail ARAI, Kazutoshi FUJIKAWA
B - Abstracts of IEICE TRANSACTIONS on Communications (Japanese Edition)
Publication Date: 2018/03/01
Online ISSN: 1881-0209
Type of Manuscript: PAPER
RAT, intrusion detection, network security, machine learning
Full Text(in Japanese): PDF(913.5KB)
We provide a method to detect Remote Access Trojan/tool (RAT) communications at the early intrusion stage by using packet entropy as a network feature. We used several supervised machine learning algorithms and k-fold cross-validation to validate the use of packet entropy features. From our experimental results, we report that our approach can detect RAT sessions with a high accuracy of 96.4% and a low false positive rate of 0.7% using the Random Forest algorithm. In addition, the other metrics for evaluating the classifiers are better than previously reported results.