Research Article
Stateless Malware Packet Detection by Incorporating Naive Bayes with Known Malware Signatures
Algorithm 1
Flow/packet classification.
for all selected features do
    features, fre_norm, pb_norm, fre_att, pb_att => splitFlow
    push (feature) => field1
    push (pb_norm) => field3
    push (pb_att) => field5
end for
for each captured flow do
    extract payload => allFlow
end for
for allFlow rows do
    split row
    if test feature eachrow = field1 then
        accumulate differ field5, field3
    end if
    count Probability (Pb) using (2)
    if Pb > threshold then
        flow => malware
    else
        flow => normal
    end if
end for
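The following Python sketch is an added example, not code from the paper. It follows the structure of Algorithm 1: a feature table holding pb_norm and pb_att, a per-packet accumulation over matched features, and a threshold test. Equation (2) is not reproduced on this page, so the standard naive Bayes posterior is used in its place as an assumption; the feature table, prior and threshold are constructed values.

```python
import math

# Constructed feature table: feature -> (pb_norm, pb_att), playing the role of
# field1 -> (field3, field5) in Algorithm 1. Values are illustrative only.
FEATURE_TABLE = {
    b"cmd.exe": (0.001, 0.20),
    b"/bin/sh": (0.002, 0.15),
    b"\x90\x90\x90\x90": (0.0005, 0.25),
    b"User-Agent: Mozilla": (0.60, 0.10),
}
PRIOR_ATT = 0.5   # assumed prior probability that a packet is malware
THRESHOLD = 0.9   # assumed decision threshold on Pb
EPS = 1e-9        # floor so a zero probability never reaches log()

def malware_probability(payload, table=FEATURE_TABLE, prior_att=PRIOR_ATT):
    """Pb for one payload, using only that payload (stateless).

    Stand-in for the paper's Equation (2): naive Bayes posterior computed
    from the summed log-likelihood ratios of the matched features.
    """
    log_odds = math.log(prior_att / (1.0 - prior_att))
    for feature, (pb_norm, pb_att) in table.items():
        if feature in payload:  # "if test feature eachrow = field1"
            # "accumulate differ field5, field3", done in log space
            log_odds += math.log(max(pb_att, EPS)) - math.log(max(pb_norm, EPS))
    # Numerically stable sigmoid: avoids OverflowError on extreme log-odds.
    if log_odds >= 0:
        return 1.0 / (1.0 + math.exp(-log_odds))
    e = math.exp(log_odds)
    return e / (1.0 + e)

def classify(payload, threshold=THRESHOLD):
    """Label a single payload as in the final step of Algorithm 1."""
    return "malware" if malware_probability(payload) > threshold else "normal"

if __name__ == "__main__":
    # Constructed sample payloads, not captured traffic.
    samples = [
        b"GET / HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
        b"\x90\x90\x90\x90\x90\x90/bin/sh",
        b"plain text with no listed feature",
    ]
    for s in samples:
        print(classify(s), round(malware_probability(s), 5), s[:24])
```

Working in log space keeps the accumulation stable when many features match, and a payload that matches no feature falls back to the prior.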