Research Article
Stateless Malware Packet Detection by Incorporating Naive Bayes with Known Malware Signatures
Algorithm 1
Flow/packet classification.
(1) for all selected features do
(2)     features, fre_norm, pb_norm, fre_att, pb_att => splitFlow
(3)     push (feature) => field1
(4)     push (pb_norm) => field3
(5)     push (pb_att) => field5
(6) end for
(7) for each captured flow do
(8)     extract payload => allFlow
(9) end for
(10) for allFlow rows do
(11)     split row
(12)     if test feature eachrow = field1 then
(13)         accumulate differ field5, field3
(14)     end if
(15)     count Probability (Pb) using (2)
(16)     if Pb > threshold then
(17)         flow => malware
(18)     else
(19)         flow => normal
(20)     end if
(21) end for
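A runnable sketch of Algorithm 1, added here as an illustration and not taken from the article. Assumptions: the feature table, its probabilities, the sample payloads, the whitespace tokenisation, the function names and the 0.5 threshold are all constructed, and because equation (2) is not reproduced on this page, Pb is computed as a standard Naive Bayes posterior from the accumulated log-difference of `pb_att` and `pb_norm`.

```python
import math

# Constructed feature table in the layout of step (2):
# feature, fre_norm, pb_norm, fre_att, pb_att. All values are made up.
FEATURE_TABLE = """\
GET,900,0.30,400,0.10
User-Agent:,850,0.28,300,0.08
cmd.exe,2,0.001,350,0.09
/bin/sh,1,0.001,300,0.08
"""

def load_features(table):
    """Steps (1)-(6): keep field1 (feature), field3 (pb_norm), field5 (pb_att)."""
    model = {}
    for row in table.splitlines():
        feature, _fre_norm, pb_norm, _fre_att, pb_att = row.split(",")
        model[feature] = (float(pb_norm), float(pb_att))
    return model

def malware_probability(payload, model, prior_att=0.5):
    """Steps (10)-(15). Assumption: Pb is the Naive Bayes posterior built from
    summed log(pb_att) - log(pb_norm); the article's equation (2) is not on
    this page and may be defined differently."""
    log_odds = math.log(prior_att / (1.0 - prior_att))
    for token in payload.split():            # step (11): split row
        if token in model:                   # step (12): token matches field1
            pb_norm, pb_att = model[token]
            log_odds += math.log(pb_att) - math.log(pb_norm)  # step (13)
    return 1.0 / (1.0 + math.exp(-log_odds))

def classify(payload, model, threshold=0.5):
    """Steps (16)-(20): label the flow by comparing Pb with the threshold."""
    return "malware" if malware_probability(payload, model) > threshold else "normal"

MODEL = load_features(FEATURE_TABLE)
# Constructed payloads, one per captured flow (steps (7)-(9)).
FLOWS = [
    "GET /index.html HTTP/1.1 User-Agent: curl/8.0",
    "GET /a cmd.exe /c dir",
    "POST /upload HTTP/1.1 Content-Length: 12",
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(f"{classify(flow, MODEL):8s} Pb={malware_probability(flow, MODEL):.3f}  {flow}")
```

The third flow matches no feature, so Pb stays at the prior and the flow is labelled normal; each payload is scored on its own, with no state carried between flows.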