Applying Machine Learning Techniques and a Distributed Knowledge-based Temporal-abstraction Method in Computer Network Security

Asaf Shabtai

Ben-Gurion University of the Negev, 2011

Today’s computer and telecommunication infrastructure is highly susceptible to malicious attacks. One common way of launching such attacks is by employing malware (malicious software) such as worms, viruses, Trojan horses or spyware. These attacks can cause great damage and account for more than 10% of the total traffic of Network Service Providers (NSPs). Since the detection capabilities of most antivirus software and intrusion detection systems depend on an up-to-date malware signature repository, they can handle known malware for which they hold signatures but cannot handle unknown malware. The period from the release of a previously unseen malware sample until security vendors update their clients with the proper signature is highly critical: during this window the malware is undetectable by most signature-based solutions and can easily spread and infect other machines …