An Empirical Evaluation of Supervised Learning Methods for Network Malware Identification Based on Feature Selection

A new paper has been accepted in the journal Complexity. The authors are Carlos Mazano, Claudio Meneses, and Paul Leger (to appear). Here is the abstract:

Malware is a sophisticated, malicious, and sometimes unidentifiable application on the network. The classifying network traffic method using machine learning shows to perform well in detecting malware. In the literature, it is reported that this good performance can depend on a reduced set of network features. This study presents an empirical evaluation of two statistical methods of reduction and selection of features in an Android network traffic dataset using six supervised algorithms: Naïve Bayes, Support Vector Machine, Multilayer Perceptron Neural Network, Decision Tree, Random Forest, and K-Nearest Neighbors. The Principal Component Analysis (PCA) and Logistic Regression (LR) methods with p-value were applied to select the most representative features related to the time properties of flows and features of bidirectional packets. The selected features were used to train the algorithms using binary and multiclass classification. For performance evaluation and comparison metrics, precision, recall, F-measure, accuracy, and area under the curve (AUC-ROC) were used. The empirical results show that Random Forest obtains an average accuracy of 96% and an AUC-ROC of 0.98 in binary classification. For the case of multiclass classification, again Random Forest achieves an average accuracy of 87% and an AUC-ROC over 95%, exhibiting better performance than the other machine learning algorithms. In both experiments, the 13 most representative features of a mixed set of flow time properties and bidirectional network packets selected by LR were used. In the case of the other five classifiers, their results in terms of precision, recall, and accuracy, are competitive with those obtained in related works, which used a greater number of input features. Therefore, it is empirically evidenced that the proposed method for the selection of features, based on statistical techniques of reduction and extraction of attributes, allows improving the identification performance of malware traffic, discriminating it from the benign traffic of Android applications.

Modeling and simulating Chinese cross-border e-commerce: an agent-based simulation approach

A new paper has been accepted in the Journal of Simulation. The authors are Oswaldo Téran, Paul Leger, and Manuela López. Here is the abstract:

Chinese cross-border e-commerce has become the largest in the world, overtaking US e-commerce and representing about 40% of total global e-commerce spending in 2018. This market is highly complex, uncertain, and poorly understood. Surveys and statistics have been used to characterise it, but new approaches are required to better understand its complexity. To address this gap, we present an agent-based model of Chinese cross-border e-commerce.
For a realistic representation of the buyers’ decision-making mechanism and some elements of their communication, including word of mouth (WOM), we use endorsements theory, and a survey is used to specify the model. The aim of the study is twofold: (1) to present an agent based simulation (ABS) model of the Chinese cross-border e-commerce market; and (2) to illustrate the potential of the model to explore future possible configurations of the market and to guide stakeholders’ decision making.