Learning Invariant Representation for Malicious Network Traffic Detection

The result's identifiers

  • Result code in IS VaVaI

    RIV/68407700:21230/16:00309233 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F16%3A00309233)

  • Result on the web

    http://dx.doi.org/10.3233/978-1-61499-672-9-1132

  • DOI - Digital Object Identifier

    10.3233/978-1-61499-672-9-1132 (http://dx.doi.org/10.3233/978-1-61499-672-9-1132)

Alternative languages

  • Result language

    English

  • Original language name

    Learning Invariant Representation for Malicious Network Traffic Detection

  • Original language description

    Statistical learning theory relies on an assumption that the joint distributions of observations and labels are the same in training and testing data. However, this assumption is violated in many real world problems, such as training a detector of malicious network traffic that can change over time as a result of attacker's detection evasion efforts. We propose to address this problem by creating an optimized representation, which significantly increases the robustness of detectors or classifiers trained under this distributional shift. The representation is created from bags of samples (e.g. network traffic logs) and is designed to be invariant under shifting and scaling of the feature values extracted from the logs and under permutation and size changes of the bags. The invariance is achieved by combining feature histograms with feature self-similarity matrices computed for each bag and significantly reduces the difference between the training and testing data. The parameters of the representation, such as histogram bin boundaries, are learned jointly with the classifier. We show that the representation is effective for training a detector of malicious traffic, achieving 90% precision and 67% recall on samples of previously unseen malware variants.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

    JD - Use of computers, robotics and its application

  • OECD FORD branch

Result continuities

  • Project

  • Continuities

    N - Research activity supported from non-public sources

Others

  • Publication year

    2016

  • Confidentiality

    S - Complete and true data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    European Conference on Artificial Intelligence

  • ISBN

    978-1-61499-671-2

  • ISSN

    0922-6389

  • e-ISSN

  • Number of pages

    8

  • Pages from-to

    1132-1139

  • Publisher name

    IOS Press

  • Place of publication

    Amsterdam

  • Event location

    Hague

  • Event date

    Aug 29, 2016

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article

    000385793700132