Learning Invariant Representation for Malicious Network Traffic Detection
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F16%3A00309233" target="_blank" >RIV/68407700:21230/16:00309233 - isvavai.cz</a>
Result on the web
<a href="http://dx.doi.org/10.3233/978-1-61499-672-9-1132" target="_blank" >http://dx.doi.org/10.3233/978-1-61499-672-9-1132</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.3233/978-1-61499-672-9-1132" target="_blank" >10.3233/978-1-61499-672-9-1132</a>
Alternative languages
Result language
English
Title in the original language
Learning Invariant Representation for Malicious Network Traffic Detection
Result description in the original language
Statistical learning theory relies on an assumption that the joint distributions of observations and labels are the same in training and testing data. However, this assumption is violated in many real world problems, such as training a detector of malicious network traffic that can change over time as a result of attacker's detection evasion efforts. We propose to address this problem by creating an optimized representation, which significantly increases the robustness of detectors or classifiers trained under this distributional shift. The representation is created from bags of samples (e.g. network traffic logs) and is designed to be invariant under shifting and scaling of the feature values extracted from the logs and under permutation and size changes of the bags. The invariance is achieved by combining feature histograms with feature self-similarity matrices computed for each bag and significantly reduces the difference between the training and testing data. The parameters of the representation, such as histogram bin boundaries, are learned jointly with the classifier. We show that the representation is effective for training a detector of malicious traffic, achieving 90% precision and 67% recall on samples of previously unseen malware variants.
Classification
Type
D - Article in proceedings
CEP field
JD - Use of computers, robotics and its applications
OECD FORD field
—
Result linkages
Project
—
Linkages
N - Research activity supported from non-public sources
Other
Year of application
2016
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific to the result type
Title of the article in the proceedings
European Conference on Artificial Intelligence
ISBN
978-1-61499-671-2
ISSN
0922-6389
e-ISSN
—
Number of pages
8
Pages from-to
1132-1139
Publisher name
IOS Press
Place of publication
Amsterdam
Event location
Hague
Event date
29. 8. 2016
Event type by nationality
WRD - Worldwide event
UT code of the WoS article
000385793700132