RAT Hunter: Building Robust Models for Detecting Remote Access Trojans Based on Optimum Hybrid Features

2020 
Nowadays, critical infrastructures are severely exposed to a wide range of malicious attempts, and malicious activities are becoming more sophisticated. They infect victims’ machines and seek to obtain information from users rather than damage the machine. A Remote Access Trojan (RAT) is a type of malware that tries to control the victim’s machine remotely without the victim’s awareness. Accordingly, the number and harmful effect of RAT threats used for information theft have increased dramatically. In this chapter, we propose an optimum feature set for hunting RAT malware based on intelligent feature selection for machine learning classification tasks. To build a robust model, we collected real-world samples from well-known repositories like VirusTotal and VirusShare. Afterwards, the behaviour of these types of malware is analyzed through a modified sandbox, used as a reverse engineering tool, to extract features from dynamic and static analysis. In the feature selection process, we applied a two-layer feature selection algorithm, with methods like information gain and correlated feature selection, to obtain the optimum set of features to tackle RAT threats. By implementing different models like the generative and deep learning models, we obtained an accuracy rate of 99.75% and a false alarm rate of 0.3%.