Detection of Cyber Malware Attack Based on Network Traffic Features Using Neural Network

Ventje Jeremias Lewi Engel, Evan Joshua, Mychael Maoeretz Engel



Various techniques have been developed to detect cyber malware attacks, such as behavior based method which utilizes the analysis of permissions and system calls made by a process. However, this technique cannot handle the types of malware that continue to evolve. Therefore, an analysis of other suspicious activities – namely network traffic or network traffic – need to be conducted. Network traffic acts as a medium for sending information used by malware developers to communicate with malware infecting a victim's device. Malware analyzed in this study is divided into 3 classes, namely adware, general malware, and benign. The malware classification implements 79 features extracted from network traffic flow and an analysis of these features using a Neural Network that matches the characteristics of a time-series feature. The total flow of network traffic used is 442,240 data. The results showed that 15 main features selected based on literature studies resulted in F-measure 0.6404 with hidden neurons 12, learning rate 0.1, and epoch 300. As a comparison, the researchers chose 12 features based on the nature of the malware possessed, with the F-measure score of 0.666 with hidden neurons 12, learning rate 0.05, and epoch 300. This study found the importance of data normalization technique to ensure that no feature was far more dominant than other features. It was concluded that the analysis of network traffic features using Neural Network can be used to detect cyber malware attacks and more features does not imply better detection performance, but real-time malware detection is required for network traffic on IoT devices and smartphones.


cyberattacks; malware detection; neural network; network traffic feature

Full Text:



Kaspersky, “Mobile Malware Threatens Smartphones & Tablets,” Kaspersky Lab ZA, 2015. [Online]. Available: [Accessed: 18-Jul-2018].

C. Lueg, “8,400 new Android malware samples every day,” G Data Security Blog, 2017. [Online]. Available: [Accessed: 18-Jul-2018].

Y. Zhou and X. Jiang, “Dissecting Android malware: Characterization and Evolution,” in Proceedings - IEEE Symposium on Security and Privacy, 2012, no. 4, pp. 95–109.

B. A. Forouzan, TCP/IP Protocol Suite, 4th ed. New York: McGraw-Hill Companies, Inc., 2010.

A. H. Lashkari, A. F. A. Kadir, H. Gonzalez, K. F. Mbah, and A. A. Ghorbani, “Towards a Network-Based Framework for Android Malware Detection and Characterization,” in Proceeding of the 15th international conference on privacy, security and trust, 2017.

P. Kaushik and A. Jain, “Article: Malware Detection Techniques in Android,” Int. J. Comput. Appl., vol. 122, no. 17, pp. 22–26, 2015.

M. Stevanovic and J. M. Pedersen, “An analysis of network traffic classification for botnet detection,” in 2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2015, pp. 1–8.

J. Zhang, Y. Xiang, and Y. Wang, “Network Traffic Classification Using Correlation Information,” IEEE Trans. Parallel Distrib. Syst., vol. 24, no. 1, pp. 104–117, 2013.

F. Wibowo and A. Harjoko, “Klasifikasi Mutu Pepaya Berdasarkan Ciri Tekstur GLCM Menggunakan Jaringan Saraf Tiruan,” Khazanah Inform. J. Ilmu Komput. dan Inform., vol. 3, no. 2, pp. 100–104, 2018.

T. Rashid, Make Your Own Neural Network: A Gentle Journey Through the Mathematics of Neural Networks. CreateSpace Independent Publishing Platform, 2016.

Canadian Institute for Cybersecurity, “Android Adware and General Malware Dataset,” University of New Brunswick, 2017. [Online]. Available: [Accessed: 18-Nov-2018].

M. Stevanovic and J. M. Pedersen, “An efficient flow-based botnet detection using supervised machine learning,” in 2014 International Conference on Computing, Networking and Communications (ICNC), 2014, pp. 797–801.

H. Lim, Y. Yamaguchi, H. Shimada, and H. Takakura, “Malware Classification Method Based on Sequence of Traffic Flow,” in 2015 International Conference on Information Systems Security and Privacy (ICISSP), 2015, pp. 394–401.

D. Jiang and K. Omote, “An approach to detect remote access trojan in the early stage of communication,” in 2015 IEEE 29th International Conference on Advanced Information Networking and Applications, 2015, pp. 706–713.

Z. B. Celik, R. J. Walls, P. Mcdaniel, and A. Swami, “Malware Traffic Detection using Tamper Resistant Features,” in MILCOM 2015-2015 IEEE Military Communications Conference, 2015, pp. 330–335.

Article Metrics

Abstract view(s): 202 time(s)
PDF: 123 time(s)


  • There are currently no refbacks.