Experimenting and assessing machine learning tools for detecting and analyzing malicious behaviors in complex environments

This paper proposes applying and experimentally assessing machine learning tools to solve security issues in complex environments, specifically identifying and analyzing malicious behaviors. To evaluate the effectiveness of machine learning algorithms to detect anomalies, we consider the following three real-world case studies: (i) detecting and analyzing Tor traffic, on the basis of a machine learning-based discrimination technique; (ii) identifying and analyzing CAN bus attacks via deep learning; (iii) detecting and analyzing mobile malware, with particular regard to ransomware in Android environments, by means of structural entropy-based classification. Derived observations confirm the effectiveness of machine learning in supporting security of complex environments.