dc.description.abstract | Malicious software has become an increasing problem for both businesses and home
users. The traditional antivirus solutions are not always enough to detect an infection.
As a result, many businesses are deploying Intrusion Detection Systems to gain
an extra level of protection by analyzing the network traffic.
Intrusion Detection Systems are resource hungry, and may in some cases require more
resources than are available. This means that some of the traffic will not be
analyzed, and malicious software may be able to avoid detection.
In some cases, laws and regulations may prevent you from inspecting the content of
the network traffic, making it difficult to detect infected clients. In such
scenarios, a solution that does not depend on traffic content is a viable alternative.
In this paper we propose a solution for detecting malicious software in a network with
lower resource demands than a traditional Intrusion Detection System. The method will
only use flow data when determining whether a client is infected or not. The decision
will be made using both learning automata and stochastic weak estimators.
We have shown that it is possible to detect malicious software in a network without
inspecting the content of the packets, and that it is achievable by the use of both
learning automata and stochastic weak estimators. | en |