DOI: 10.54565/jphcfum.1579687 ISSN: 2651-3080

A Hybrid Method Based On A Genetic Algorithm That Uses Network Packets To Classify Spyware

İrfan Kılıç, Orhan Yaman, Edanur Erdoğan, Melisa İrem Aslan

The emergence of the Internet has led to the emergence of cyber-attacks and malware. Malware installed on mobile devices, including computers, phones, and tablets, can be used by attackers to access users' data. This study aims to detect spyware, a category of malware, by analyzing network packets in a Windows operating system environment, using decision trees (DT) and genetic algorithms (GA) as a meta-heuristic approach. An examination of the literature shows a lack of studies on detecting spyware from network packets, and this gap was the driving force for the study. To carry out the study, an experimental environment was created using the laboratory facilities of Firat University, Faculty of Technology, Department of Forensic Informatics Engineering. In this experimental environment, various network packets were collected using different spyware applications. Features were extracted from the data set using Tshark software. The effectiveness of meta-heuristics compared to the mathematical method of neighborhood component analysis (NCA) is demonstrated on the benchmark dataset. Therefore, a genetic algorithm (GA) was used to select the most weighted features among the extracted features. The selected features were classified with the decision tree (DT) algorithm. The results obtained are at the desired level for future studies.
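The GA-then-DT pipeline described in the abstract, as an added sketch that is not the authors' code: a genetic algorithm searches over feature bitmasks and scores each mask by the held-out accuracy of a depth-1 decision tree, which stands in here for the paper's DT. The feature names (real tshark fields), the constructed packet data and all GA parameters are assumptions.

```python
import random

# Constructed features named after tshark fields; the paper's real feature
# list is not on this page, so this set and the data below are assumptions.
FEATURES = ["frame.len", "ip.ttl", "tcp.window_size", "frame.time_delta"]

def make_dataset(n=200, seed=7):
    rng, X, y = random.Random(seed), [], []
    for _ in range(n):
        label = rng.randint(0, 1)  # constructed: 1 = spyware traffic, 0 = benign
        X.append([rng.gauss(900 if label else 400, 60),    # informative
                  rng.choice([64, 128]),                    # noise
                  rng.gauss(30000, 8000),                   # noise
                  rng.gauss(0.2 if label else 1.0, 0.15)])  # informative
        y.append(label)
    return X, y

def score(rule, X, y):
    f, thr, sign = rule  # predict spyware when sign * (value - thr) > 0
    return sum((sign * (r[f] - thr) > 0) == bool(t) for r, t in zip(X, y))

def stump_accuracy(mask, X, y):
    """Fit a depth-1 decision tree on the first half, score it on the second."""
    half, rules = len(X) // 2, []
    for f in (i for i, bit in enumerate(mask) if bit):
        vals = sorted({row[f] for row in X[:half]})
        rules += [(f, (a + b) / 2, s) for a, b in zip(vals, vals[1:]) for s in (1, -1)]
    if not rules:
        return 0.0
    best = max(rules, key=lambda r: score(r, X[:half], y[:half]))
    return score(best, X[half:], y[half:]) / (len(X) - half)

def ga_select(X, y, pop_size=20, generations=30, penalty=0.01, seed=3):
    rng, cache = random.Random(seed), {}
    def fitness(mask):  # held-out accuracy minus a cost per selected feature
        if mask not in cache:
            cache[mask] = stump_accuracy(mask, X, y) - penalty * sum(mask)
        return cache[mask]
    pop = [tuple(rng.randint(0, 1) for _ in FEATURES) for _ in range(pop_size)]
    for _ in range(generations):
        elite = sorted(pop, key=fitness, reverse=True)[: pop_size // 2]
        children = []
        while len(children) < pop_size - len(elite):
            a, b = rng.sample(elite, 2)
            cut = rng.randrange(1, len(FEATURES))  # one-point crossover, then bit-flip mutation
            children.append(tuple(g ^ (rng.random() < 0.1) for g in a[:cut] + b[cut:]))
        pop = elite + children
    best = max(pop, key=fitness)
    return [n for n, bit in zip(FEATURES, best) if bit], stump_accuracy(best, X, y)
```

Calling `ga_select(*make_dataset())` returns the selected feature names and the held-out accuracy; the per-feature penalty is what pushes the search away from masks that carry noise features.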
