Remote Access Trojan Detection Using Machine Learning and Network Traffic Analysis
摘要
Remote Access Trojans (RATs) are a significant danger to cybersecurity because they offer unauthorized access and control over infected systems. Detecting them with conventional approaches is particularly difficult due to their covert nature and ability to impersonate regular network activity. To identify RATs via network traffic analysis, this study suggests a machine learning-based method. The first step in the process is to utilize the popular network protocol analyzer Wireshark to capture network packets. To enable additional analysis, the collected data is subsequently transformed into dataset. Various data, such as source and destination IP addresses, port numbers, packet sizes, protocol types, and time intervals between packets, are extracted from the CSV files that suggest RAT activity. A machine learning model is trained using these features. The model is intended to differentiate between normal and suspect network behaviors by recognizing patterns associated with RATs. The machine learning model's ability to identify the rat activity in network traffic. Use of several machine learning models, including Logistic Regression, Decision Tree, Random Forest, Support Vector Machine (SVM), Neural Network, and XGBoost, to classify the network traffic data is assessed once it has been trained. The model's efficacy is evaluated using performance indicators like F1-score, ROC-AUC, recall, accuracy, and precision. The result showed that the approach effectively detected the RAT with high accuracy. In particular, the Random Forest algorithm achieved over 98% accuracy with an FNR of 4% indicating the validity of the approach in detecting RAT.