Malware is any unusual data or executable code that can affect the performance
of a network. Here, the performance of a network means its speed and its
security; malware can also delay the operations linked with the network.
Malware is usually used in security breaches to violate users' privacy and to
access their private and confidential data. There are many ways for malware to
penetrate a network. Once inside, it can be used to access the passwords, files
and personal information of users on that network. Data accessed in this manner
can be used for ransom or for blackmail [1].
Computer and other telecommunication networks are becoming increasingly complex
and difficult to understand because of their many hosts and the interdependency
of these hosts. The hosts are designed so that they can connect to other hosts
directly. This provides better and faster performance with minimal delay, but
it also makes it easier for malware to penetrate all the hosts of that network.
Reducing the number of direct connections between hosts will definitely make
networks less vulnerable to malware [2, 3].
Whenever malware successfully penetrates a host, that host and the data it
carries become infected. Afterwards, that host can be used as a penetration
point for infecting other hosts on that network [2].
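The effect of direct connections on spread can be made concrete with a small model. The following is an added example, not part of the original text: it compares a flat network, where every host connects to every other, with a segmented one, and counts how many hosts are infected after each round. The host names, the three-segment layout and the worst-case rule that every direct connection passes the infection on in one round are assumptions made for illustration.

```python
from itertools import combinations

def mesh(hosts):
    """Graph in which every pair of the given hosts is directly connected."""
    graph = {h: set() for h in hosts}
    for a, b in combinations(hosts, 2):
        graph[a].add(b)
        graph[b].add(a)
    return graph

def segmented(segments):
    """Full mesh inside each segment; segments are joined only through a
    chain of gateways (assumed to be the first host of each segment)."""
    graph = {}
    for seg in segments:
        graph.update(mesh(seg))
    gateways = [seg[0] for seg in segments]
    for a, b in zip(gateways, gateways[1:]):
        graph[a].add(b)
        graph[b].add(a)
    return graph

def link_count(graph):
    """Number of direct host-to-host connections (undirected edges)."""
    return sum(len(neigh) for neigh in graph.values()) // 2

def infected_by_round(graph, patient_zero):
    """Cumulative infected hosts after each round. Assumed worst case:
    an infected host infects all of its direct neighbours in one round."""
    seen, frontier, totals = {patient_zero}, [patient_zero], [1]
    while frontier:
        nxt = sorted({n for h in frontier for n in graph[h]} - seen)
        seen.update(nxt)
        frontier = nxt
        if nxt:
            totals.append(len(seen))
    return totals

def infected_at_response(graph, patient_zero, rounds):
    """Hosts already infected if defenders isolate the network after `rounds`."""
    totals = infected_by_round(graph, patient_zero)
    return totals[min(rounds, len(totals) - 1)]

# Constructed sample network: 12 hosts in 3 segments of 4.
SEGMENTS = [[f"{s}{i}" for i in range(4)] for s in "abc"]
FLAT = mesh([h for seg in SEGMENTS for h in seg])
SEGMENTED = segmented(SEGMENTS)

if __name__ == "__main__":
    for name, g in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, link_count(g), infected_by_round(g, "a1"),
              infected_at_response(g, "a1", 2))
```

In this model the segmented network is still fully reachable in the end, but each extra hop is time in which a response can contain the infection to fewer hosts.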
There has been an immense increase in the number of malware attacks on
networks, and attackers have adopted many new ways and means of getting malware
into networks. Malware is designed so that it can hide itself whenever attempts
are made to detect it. To overcome such threats, network providers have taken
some initiatives to make networks less vulnerable to these attacks. Hosts in
networks are being provided with protection against malware in the form of
antivirus software. But these antivirus programs can be successful if they
respond to a threat as quickly as possible after detecting it. This is a
solution, but not an ideal one. Why? Because all existing antivirus software is
designed for malware that already exists. Suppose an attacker attacks a network
and the antivirus on that network is unable to detect the malware: it will
infect that host and then, rapidly, the whole network [2, 4].
Many attempts have been made to design protocols, techniques and algorithms to
take down security attacks on networks. One of these techniques is to detect
the presence of malware with the help of network traffic. Many detection
techniques were successful enough to take down a huge number of attacks, but as
soon as attackers realize that their penetration technique has been discovered
by the anti-malware software on the target network, they abandon their old way
of attacking and come up with a new technique that easily bypasses the existing
malware detection software and algorithms. As a result, techniques designed for
known, existing malware fail and become irrelevant and useless [1, 4].