Master Thesis
Detecting malware infections is one of the most challenging tasks in modern computer security. The anomaly detection approach to the detection is to model normal traffic and then find deviations from the model. This thesis describes a new profile-based method to the anomaly detection. Profile describes the behavior of users from different perspectives using multiple features. Features cover a wide range of actions of a user in a network. Compared to other feature-based anomaly detectors, profiles offer a more high-level view of the behavior of a user. The hypothesis is that looking for anomalies using high-level features produces less false positive alarms and at the same time is effective at finding real attacks.
The problem of obtaining labeled real data to train the anomaly detection algorithm is also addressed in this work. The datasets with real network traffic are produced to evaluate the proposed algorithm.
Download this thesis from here.