A Highly Efficient Remote Access Trojan Detection Method

Wei Jiang, Xianda Wu, Xiang Cui, Chaoge Liu
Copyright: © 2019 | Volume: 11 | Issue: 4 | Pages: 13
ISSN: 1941-6210 | EISSN: 1941-6229 | EISBN13: 9781522565178 | DOI: 10.4018/IJDCF.2019100101

Jiang, W., Wu, X., Cui, X., & Liu, C. (2019). A Highly Efficient Remote Access Trojan Detection Method. International Journal of Digital Crime and Forensics (IJDCF), 11(4), 1-13. http://doi.org/10.4018/IJDCF.2019100101

Abstract

Machine learning, which can create patterns for decision-making, is now popular in remote access Trojan (RAT) detection. However, most research focuses on improving the detection rate and reducing the false negative rate, and therefore ignores the result of abnormal samples. In addition, most classifiers select several proprietary applications and RATs as their training set, which makes them difficult to adapt to the real environment. In this article, the authors address the issue of the imbalanced dataset between normal and RAT samples, and propose a highly efficient method of detecting RATs in real traffic. In the authors' method, they generate eight features by combining the size, the inter-arrival time and the flag from one packet sequence. Then, they preprocess the imbalanced dataset and implement a classifier using the XGBoost algorithm. The classifier achieves a false negative rate of less than 0.18%. Moreover, the authors demonstrate that their classifier is capable of detecting unknown RATs.