Learning Detector of Malicious Network Traffic from Weak Labels

The result's identifiers

  • Result code in IS VaVaI

    RIV/68407700:21230/15:00235471 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F15%3A00235471)

  • Result on the web

    http://dx.doi.org/10.1007/978-3-319-23461-8_6

  • DOI - Digital Object Identifier

    10.1007/978-3-319-23461-8_6

Alternative languages

  • Result language

    English

  • Original language name

    Learning Detector of Malicious Network Traffic from Weak Labels

  • Original language description

    We address the problem of learning a detector of malicious behavior in network traffic. The malicious behavior is detected based on the analysis of network proxy logs that capture malware communication between client and server computers. The conceptual problem in using the standard supervised learning methods is the lack of a sufficiently representative training set containing examples of malicious and legitimate communication. Annotation of individual proxy logs is an expensive process involving security experts and does not scale with constantly evolving malware. However, weak supervision can be achieved on the level of properly defined bags of proxy logs by leveraging internet domain black lists, security reports, and sandboxing analysis. We demonstrate that an accurate detector can be obtained from the collected security intelligence data by using a Multiple Instance Learning algorithm tailored to the Neyman-Pearson problem. We provide a thorough experimental evaluation on a large c

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

    JD - Use of computers, robotics and its application

  • OECD FORD branch

Result continuities

  • Project

    GAP202/12/2071: Structured Statistical Models for Image Understanding

  • Continuities

    P - Research and development project financed from public funds (with a link to CEP)

Others

  • Publication year

    2015

  • Confidentiality

    S - Complete and true data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    Machine Learning and Knowledge Discovery in Databases, Part III

  • ISBN

    978-3-319-23460-1

  • ISSN

    0302-9743

  • e-ISSN

  • Number of pages

    15

  • Pages from-to

    85-99

  • Publisher name

    Springer

  • Place of publication

    Heidelberg

  • Event location

    Porto

  • Event date

    Sep 7, 2015

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article

    000363667400009