Exploring Security Advancements in Distributed Systems through Artificial Intelligence and Machine Learning Approaches: A Comprehensive Review
Abstract
The evaluation of intrusion and malware detection systems in network security is hampered by the scarcity of publicly available, up-to-date datasets. This paper introduces the HIKARI-2021 dataset, which contains encrypted simulated attacks alongside benign traffic and addresses both the content and the process requirements for dataset development. The stated requirements are intended to guide future dataset creation; both the HIKARI-2021 dataset and the methodology used to build it are publicly available.
Turning to a crucial aspect of intrusion and malware activity, namely the distribution and installation of programs on large numbers of victim computers, this study examines drive-by download attacks. These attacks lure victims to websites that launch exploits against their web browsers; once an exploit succeeds, injected shellcode automatically downloads and executes a malicious program. While prior research has concentrated mainly on identifying the drive-by exploit stage and the network traffic that follows infection, the intermediate phase, the download of the malware itself, has received little attention.
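The download stage described above leaves its own traces in web traffic: the binary is typically fetched right after the victim has been bounced off the site they landed on and onto an exploit host, and it is often served under a misleading Content-Type so that it looks like an image or a page. The following is an added illustration, not code or a method from the paper or the HIKARI-2021 project: it walks a constructed, tab-separated HTTP transaction log, walks back through Referer headers to the landing page, and flags PE ("MZ") bodies that are either mislabelled or reached through a cross-host redirect chain. The log format, field names and the two heuristics are assumptions made for this example.

```python
"""
Flag the malware-download stage of a drive-by download in HTTP transaction logs.

Added example, not code from the paper: the log format, field names and the
heuristics below are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

PE_MAGIC = "4d5a"  # "MZ": DOS/PE header that starts every Windows executable
BINARY_TYPES = {  # Content-Types under which an executable body is expected
    "application/octet-stream",
    "application/x-msdownload",
    "application/vnd.microsoft.portable-executable",
}

# Constructed log lines (not captured traffic). Tab-separated fields:
# ts  src  host  uri  referer  content_type  magic(first 4 body bytes, hex)  status
# Line 3 is the exploit landing page, line 4 the disguised malware download,
# line 5 a legitimate installer download from the site's own CDN.
SAMPLE_LOG = """\
1\t10.0.0.5\twww.example.org\t/index.html\t-\ttext/html\t3c68746d\t200
2\t10.0.0.5\twww.example.org\t/js/app.js\thttp://www.example.org/index.html\tapplication/javascript\t2866756e\t200
3\t10.0.0.5\tads.third-party.test\t/land.php\thttp://www.example.org/index.html\ttext/html\t3c68746d\t200
4\t10.0.0.5\tads.third-party.test\t/img/logo.gif\thttp://ads.third-party.test/land.php\timage/gif\t4d5a9000\t200
5\t10.0.0.5\tcdn.example.org\t/setup.exe\thttp://www.example.org/download.html\tapplication/octet-stream\t4d5a9000\t200
"""


@dataclass
class Txn:
    ts: int
    src: str
    host: str
    uri: str
    referer: Optional[str]
    content_type: str
    magic: str
    status: int

    @property
    def url(self) -> str:
        return f"http://{self.host}{self.uri}"


def parse_log(text: str) -> List[Txn]:
    """Parse the constructed tab-separated format into Txn records."""
    txns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, host, uri, ref, ctype, magic, status = line.split("\t")
        txns.append(Txn(int(ts), src, host, uri, None if ref == "-" else ref,
                        ctype.lower(), magic.lower(), int(status)))
    return txns


def referer_chain(txn: Txn, by_url: Dict[str, Txn]) -> List[Txn]:
    """Walk back through Referer headers, newest first, to the page the
    user originally landed on (stops when the referer was not logged)."""
    chain = [txn]
    seen = {txn.url}
    cur = txn
    while cur.referer and cur.referer in by_url and cur.referer not in seen:
        cur = by_url[cur.referer]
        seen.add(cur.url)
        chain.append(cur)
    return chain


def flag_downloads(txns: List[Txn]) -> List[dict]:
    """Return one alert per successful PE download that looks like the
    download stage of a drive-by attack."""
    by_url = {t.url: t for t in txns}
    alerts = []
    for t in txns:
        if t.status != 200 or not t.magic.startswith(PE_MAGIC):
            continue  # only executable bodies are candidates
        reasons = []
        # Heuristic 1: an executable body delivered under a non-binary type.
        if t.content_type not in BINARY_TYPES:
            reasons.append("pe-body-under-non-binary-content-type")
        # Heuristic 2: the victim was redirected across at least two hosts
        # (landing site -> exploit host) before the binary was fetched.
        chain = referer_chain(t, by_url)
        hosts: List[str] = []
        for c in chain:
            if c.host not in hosts:
                hosts.append(c.host)
        if len(hosts) >= 2:
            reasons.append("pe-fetched-after-cross-host-redirect-chain")
        if reasons:
            alerts.append({"ts": t.ts, "src": t.src, "url": t.url,
                           "reasons": reasons,
                           "chain": [c.url for c in reversed(chain)]})
    return alerts


if __name__ == "__main__":
    for alert in flag_downloads(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the sample log only line 4 is reported: its body starts with "MZ" although it is served as image/gif, and its Referer chain runs www.example.org/index.html → ads.third-party.test/land.php → the download. The legitimate setup.exe on line 5 is declared as application/octet-stream and its referer page is not in the log, so it passes both checks. Both heuristics are deliberately simple; in practice either one alone produces false positives (mislabelled downloads on legitimate CDNs, advertising redirect chains), which is why the detection literature this paper surveys combines such features rather than alerting on any one of them.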
Our system identifies malicious applications with a high true positive rate (97.69 percent) and a low false positive rate (0.43 percent). Notably, it achieves this detection weeks or even months before the identified threats appear on public blacklists.