Accurate In-Network File-Type Classification

Title:
Accurate In-Network File-Type Classification
Other Titles:
Proceedings of the Singapore Cyber-Security Conference
DOI:
10.3233/978-1-61499-617-0-139
Publication Date:
15 January 2016
Abstract:
Accurate classification of file types carried by network traffic aids in securing a network against various types of malicious activity, such as malware infection, data exfiltration, and botnet communication. An important challenge here is to classify files accurately without slowing down network traffic. Therefore, the cost of accurate file-type classification has to be known. In this work, we carry out a preliminary but extensive investigation to evaluate different sets of features for file-type classification. The objective is to detect not only file types under normal scenarios, but also files that are transferred with obfuscated headers. Our experiments show that a feature vector consisting of unigram frequencies leads to high accuracy; yet combining this feature set with an entropy feature vector leads to an improvement in accuracy.
License type:
http://creativecommons.org/licenses/by-nc/4.0/
ISBN:
978-1-61499-616-3
978-1-61499-617-0