{"created":"2020-09-01T14:32:49.741208+00:00","id":4347,"links":{},"metadata":{"_buckets":{"deposit":"f8d9c368-b212-4270-aa7c-b0a303a58a4f"},"_deposit":{"id":"4347","owners":[],"pid":{"revision_id":0,"type":"recid","value":"4347"},"status":"published"},"_oai":{"id":"oai:meral.edu.mm:recid/4347","sets":["1582963302567:1597824322519"]},"communities":["ucsy"],"item_1583103067471":{"attribute_name":"Title","attribute_value_mlt":[{"subitem_1551255647225":"Network Behavioral Analysis for Detection of Remote Access Trojans","subitem_1551255648112":"en_US"}]},"item_1583103085720":{"attribute_name":"Description","attribute_value_mlt":[{"interim":"Today’s world is connected through the Internet: everyone can connect with each other, and people do business on the Internet, such as online shopping and online banking. Social networking sites are widely used, and people save their sensitive data on a connected computer, laptop or mobile phone. Therefore, it is increasingly important that information security is properly protected. The Remote Access Trojan (RAT) is a kind of malware that discloses confidential information to the wrong party. It passes through the network to give commands to the victim and control it remotely. Researchers have proposed many approaches to detect this kind of malware. However, threat actors use cunning ways to create new malware, and so new Remote Access Trojans and variants of existing RATs are emerging every day. The popular Advanced Persistent Threat (APT) and targeted attacks also use command and control communication like that of a RAT to intrude on and control a victim remotely. There are three main challenges facing Remote Access Trojan detection. First, signature-based detection is not enough to keep up with RATs that camouflage themselves by using encryption and polymorphism. Second, there is a lack of effective features for machine learning methods to identify the behavior of Remote Access Trojans, although behavior-based detection is useful for detecting unknown malware. 
Third, there is much overhead, and it takes a long time, to extract features from a session that starts at the SYN packet of the TCP three-way handshake and runs to the end of the traffic in network traffic classification. Both network-based and behavior-based approaches are applied in developing software for malware detection. Network behavioral analysis has been done for many years for two objectives: to detect the command and control traffic of malware like Remote Access Trojans so that confidential data cannot be disclosed to the wrong person, and to classify network traffic so that a network administrator can manage his or her related network easily. Network behavioral analysis is done and a new approach of feature extraction for detecting Remote Access Trojans in the early stage is proposed and implemented in this thesis. The malicious behavior of Remote Access Trojans is differentiated from normal network traffic in the first twenty packets of network traces. Four machine learning algorithms are applied for classification and their parameters are tuned perfectly in order to obtain the best performance. This thesis makes three primary contributions. First, the detection solutions proposed fundamental behavior of Remote Access Trojans and are immune to malware obfuscation and traffic encryption. Second, the solutions are general enough to identify different types of Remote Access Trojans and they can also be extended to counter next-generation Remote Access Trojans. Third, the detection solutions function to meet the needs of network traffic classification in order to differentiate normal traffic from malicious traffic. By accomplishing this approach, Remote Access Trojans are detected in the early stage and it is not necessary to wait until the end of the network traffic in capturing network traffic for network traffic classification. It approaches to achieve the objectives of information security: Confidentiality, Integrity and Availability (CIA). 
Limitations and future work are also explained clearly."}]},"item_1583103108160":{"attribute_name":"Keywords","attribute_value":[]},"item_1583103120197":{"attribute_name":"Files","attribute_type":"file","attribute_value_mlt":[{"accessrole":"open_access","date":[{"dateType":"Available","dateValue":"2019-10-07"}],"displaytype":"preview","filename":"NetworkBehavioralAnalysis_KhinSweYin.pdf","filesize":[{"value":"3215 Kb"}],"format":"application/pdf","licensetype":"license_note","mimetype":"application/pdf","url":{"url":"https://meral.edu.mm/record/4347/files/NetworkBehavioralAnalysis_KhinSweYin.pdf"},"version_id":"b54ed6e2-9bc2-4c5f-842f-aaa18ba8a772"}]},"item_1583103131163":{"attribute_name":"Journal articles","attribute_value_mlt":[{"subitem_issue":"","subitem_journal_title":"","subitem_pages":"","subitem_volume":""}]},"item_1583103147082":{"attribute_name":"Conference papers","attribute_value_mlt":[{"subitem_acronym":"","subitem_c_date":"","subitem_conference_title":"","subitem_part":"","subitem_place":"","subitem_session":"","subitem_website":""}]},"item_1583103211336":{"attribute_name":"Books/reports/chapters","attribute_value_mlt":[{"subitem_book_title":"","subitem_isbn":"","subitem_pages":"","subitem_place":"","subitem_publisher":""}]},"item_1583103233624":{"attribute_name":"Thesis/dissertations","attribute_value_mlt":[{"subitem_awarding_university":"University of Computer Studies, Yangon","subitem_supervisor(s)":[{"subitem_supervisor":""}]}]},"item_1583105942107":{"attribute_name":"Authors","attribute_value_mlt":[{"subitem_authors":[{"subitem_authors_fullname":"Yin, Khin Swe"}]}]},"item_1583108359239":{"attribute_name":"Upload type","attribute_value_mlt":[{"interim":"Publication"}]},"item_1583108428133":{"attribute_name":"Publication type","attribute_value_mlt":[{"interim":"Thesis"}]},"item_1583159729339":{"attribute_name":"Publication 
date","attribute_value":"2019-09"},"item_1583159847033":{"attribute_name":"Identifier","attribute_value":"http://onlineresource.ucsy.edu.mm/handle/123456789/2283"},"item_title":"Network Behavioral Analysis for Detection of Remote Access Trojans","item_type_id":"21","owner":"1","path":["1597824322519"],"publish_date":"2019-10-07","publish_status":"0","recid":"4347","relation_version_is_last":true,"title":["Network Behavioral Analysis for Detection of Remote Access Trojans"],"weko_creator_id":"1","weko_shared_id":-1},"updated":"2021-12-13T01:44:13.740141+00:00"}