Encrypted Traffic
Malware Detection
NITIN BHARADWAJ MUTUKULA AND MADHUSOODHANA CHARI
NOVEL FEATURE ENGINEERING FOR MALWARE TRAFFIC DATA MINING:
FLOW
PACKET LENGTH SEQUENCE:
0 -> 40 -> 540 -> 48 -> 40 -> 100 (steps 1 to 5, one per arrow)
Toggle 1 (forward), Toggle 2 (backward), Toggle 3 (forward)
Existing Packet Length (PL) Features per flow:
• Minimum PL: 40
• Maximum PL: 540
• Mean PL: 154
• Standard Deviation: 194
Novel Packet Length (PL) Features per flow:
• Step count in forward direction: Min – 1, Max – 2, Mean – 1, Std. deviation – 0
• Step count in backward direction: Min – 2, Max – 2, Mean – 2, Std. deviation – 0
• Forward toggle count: 2
• Backward toggle count: 1
• Number of unique packet lengths: 4
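The feature values above can be reproduced from the slide's packet length sequence; the Python below is an added example, not the authors' code, and its function names are illustrative. It assumes a step is a change between consecutive packet lengths (starting from 0), "forward" means the length increased and "backward" that it decreased, a toggle is a maximal run of same-direction steps, and equal consecutive lengths are skipped. The slide reports whole numbers, so its forward mean 1 and deviation 0 appear here as 1.5 and 0.5.

```python
import math
from itertools import groupby

# Packet lengths of the example flow shown on the slide (after the initial 0).
SLIDE_FLOW = [40, 540, 48, 40, 100]


def stats(values):
    """Min, max, mean and population standard deviation (zeros if empty)."""
    if not values:
        return {"min": 0, "max": 0, "mean": 0.0, "std": 0.0}
    mean = sum(values) / len(values)
    var = sum((v - mean) ** 2 for v in values) / len(values)
    return {"min": min(values), "max": max(values),
            "mean": mean, "std": math.sqrt(var)}


def step_runs(lengths):
    """Group steps into toggles: maximal runs of same-direction steps.

    Assumption: the sequence starts at 0, an increase is a "forward" step
    and a decrease a "backward" step. Equal consecutive lengths produce no
    step, so they do not end the current run.
    """
    seq = [0] + list(lengths)
    directions = []
    for prev, cur in zip(seq, seq[1:]):
        if cur > prev:
            directions.append("forward")
        elif cur < prev:
            directions.append("backward")
    return [(d, len(list(group))) for d, group in groupby(directions)]


def novel_features(lengths):
    """Step-count statistics, toggle counts and unique-length count per flow."""
    runs = step_runs(lengths)
    fwd = [n for d, n in runs if d == "forward"]
    bwd = [n for d, n in runs if d == "backward"]
    return {
        "fwd_steps": stats(fwd),       # steps per forward toggle
        "bwd_steps": stats(bwd),       # steps per backward toggle
        "fwd_toggles": len(fwd),
        "bwd_toggles": len(bwd),
        "unique_lengths": len(set(lengths)),
    }


if __name__ == "__main__":
    print("existing:", stats(SLIDE_FLOW))
    print("novel:   ", novel_features(SLIDE_FLOW))
```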
Patterns found in K-MEANS:
| Average distance within the cluster | Clustering with existing flow attributes | Clustering with newly added flow attributes |
|---|---|---|
| cluster_1 | 1.110 | 0.312 |
| cluster_2 | 11.443 | 2.708 |
| cluster_3 | 13.301 | 11.487 |
| cluster_4 | 20.682 | 22.733 |
| cluster_5 | NA | 2.327 |
| cluster_6 | NA | 13.092 |
| cluster_7 | NA | 7.638 |
| cluster_8 | NA | 9.858 |
| Average | 3.722 | 3.143 |
| Davies Bouldin Index | 0.859 | 0.839 |
Clustering with existing flow attributes:

| Index | Cluster ID | Absolute count | Fraction |
|---|---|---|---|
| 1 | cluster_0 | 38028 | 0.792 |
| 2 | cluster_1 | 5122 | 0.10 |
| 3 | cluster_2 | 3111 | 0.065 |
| 4 | cluster_3 | 1769 | 0.037 |

Clustering with newly added flow attributes:

| Index | Cluster ID | Absolute count | Fraction |
|---|---|---|---|
| 1 | cluster_0 | 29093 | 0.606 |
| 2 | cluster_1 | 7940 | 0.165 |
| 3 | cluster_6 | 3834 | 0.0798 |
| 4 | cluster_5 | 2316 | 0.048 |
| 5 | cluster_7 | 1686 | 0.035 |
| 6 | cluster_3 | 1344 | 0.028 |
| 7 | cluster_2 | 1023 | 0.021 |
| 8 | cluster_4 | 794 | 0.0167 |
Patterns found in DBSCAN:
Benign Dataset:
• Estimated number of clusters: 3
• Estimated number of noise points: 1666
• Silhouette Coefficient: 0.734
Malware Dataset:
• Estimated number of clusters: 8
• Estimated number of noise points: 3724
• Silhouette Coefficient: 0.576
Open questions/issues
• Are there better techniques to identify the optimal number of clusters for KMEANS and the optimal epsilon value for DBSCAN?
• How to identify the best standardization technique for our dataset?
• Is supervised learning a better approach in this context?
Thank you
Nitin Bharadwaj Mutukula
Difficulties involved:
• Hardware limitations of switches and routers.
• Privacy concerns.
• Traffic encryption.
• Smart malware creators.
FEATURES (PER FLOW):
• Packet length based statistics per network flow in both directions.
• Network flow: sequence of packets from a particular source to a particular destination.
• 8 existing packet length features extracted by Netmate: minimum, maximum, mean and standard deviation of packet lengths in forward and backward directions.
| Source IP | Src port | Dest IP | Dest port | Protocol | Packet length statistics |
|---|---|---|---|---|---|
| 172.16.5.203 | 49158 | 172.16.5.5 | 88 | 6 | 40,105,288,122,40,119,346,151 |

Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
 
➥🔝 7737669865 🔝▻ Sambalpur Call-girls in Women Seeking Men 🔝Sambalpur🔝 Esc...
➥🔝 7737669865 🔝▻ Sambalpur Call-girls in Women Seeking Men  🔝Sambalpur🔝   Esc...➥🔝 7737669865 🔝▻ Sambalpur Call-girls in Women Seeking Men  🔝Sambalpur🔝   Esc...
➥🔝 7737669865 🔝▻ Sambalpur Call-girls in Women Seeking Men 🔝Sambalpur🔝 Esc...
 
Anomaly detection and data imputation within time series
Anomaly detection and data imputation within time seriesAnomaly detection and data imputation within time series
Anomaly detection and data imputation within time series
 
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Bommasandra Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
 
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
Call Girls Hsr Layout Just Call 👗 7737669865 👗 Top Class Call Girl Service Ba...
 
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24  Building Real-Time Pipelines With FLaNKDATA SUMMIT 24  Building Real-Time Pipelines With FLaNK
DATA SUMMIT 24 Building Real-Time Pipelines With FLaNK
 
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
 
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men  🔝Mathura🔝   Escorts...➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men  🔝Mathura🔝   Escorts...
➥🔝 7737669865 🔝▻ Mathura Call-girls in Women Seeking Men 🔝Mathura🔝 Escorts...
 
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night StandCall Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Shivaji Nagar ☎ 7737669865 🥵 Book Your One night Stand
 

Encrypted traffic malware detection twiml

  • 1. Encrypted Traffic Malware Detection
       NITIN BHARADWAJ MUTUKULA AND MADHUSOODHANA CHARI

  • 2. NOVEL FEATURE ENGINEERING FOR MALWARE TRAFFIC DATA MINING:
       FLOW PACKET LENGTH SEQUENCE:
         step 1, step 2, step 3, step 4, step 5
         0 -> 40 -> 540 -> 48 -> 40 -> 100
         Toggle 1 (forward), Toggle 2 (backward), Toggle 3 (forward)
       Existing Packet Length (PL) Features per flow:
         - Minimum PL: 40
         - Maximum PL: 540
         - Mean PL: 154
         - Standard Deviation: 194
       Novel Packet Length (PL) Features per flow:
         - Step count in forward direction: Min – 1, Max – 2, Mean – 1, Std. deviation – 0
         - Step count in backward direction: Min – 2, Max – 2, Mean – 2, Std. deviation – 0
         - Forward toggle count: 2
         - Backward toggle count: 1
         - Number of unique packet lengths: 4

  • 3. Patterns found in K-MEANS:
       Average distance within the cluster:
         Cluster                 Existing flow attributes   Newly added flow attributes
         cluster_1               1.110                      0.312
         cluster_2               11.443                     2.708
         cluster_3               13.301                     11.487
         cluster_4               20.682                     22.733
         cluster_5               NA                         2.327
         cluster_6               NA                         13.092
         cluster_7               NA                         7.638
         cluster_8               NA                         9.858
         Average                 3.722                      3.143
         Davies Bouldin Index    0.859                      0.839
       Clustering with existing flow attributes:
         Index   Cluster ID   Absolute count   Fraction
         1       cluster_0    38028            0.792
         2       cluster_1    5122             0.10
         3       cluster_2    3111             0.065
         4       cluster_3    1769             0.037
       Clustering with newly added flow attributes:
         Index   Cluster ID   Absolute count   Fraction
         1       cluster_0    29093            0.606
         2       cluster_1    7940             0.165
         3       cluster_6    3834             0.0798
         4       cluster_5    2316             0.048
         5       cluster_7    1686             0.035
         6       cluster_3    1344             0.028
         7       cluster_2    1023             0.021
         8       cluster_4    794              0.0167

  • 4. Patterns found in DBSCAN:
       Benign Dataset:
         - Estimated number of clusters: 3
         - Estimated number of noise points: 1666
         - Silhouette Coefficient: 0.734
       Malware Dataset:
         - Estimated number of clusters: 8
         - Estimated number of noise points: 3724
         - Silhouette Coefficient: 0.576

  • 5. Open questions/issues
         - Any better techniques to identify the optimal number of clusters for KMEANS and the optimal epsilon value for DBSCAN?
         - How to identify the best standardization technique for our dataset?
         - Is supervised learning a better approach in this context?

  • 7. Difficulties involved:
         - Hardware limitations of Switches and Routers.
         - Privacy concerns.
         - Traffic encryption.
         - Smart Malware creators

  • 8. FEATURES (PER FLOW):
         - Packet length based statistics per network flow in both directions.
         - Network flow: Sequence of packets from a particular source to a particular destination.
         - 8 existing packet length features extracted by Netmate: Minimum, Maximum, Mean and Standard deviation of Packet lengths in forward and backward directions.
       Source IP      Src port   Dest IP      Dest port   Protocol   Packet length statistics
       172.16.5.203   49158      172.16.5.5   88          6          40,105,288,122,40,119,346,151
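The packet-length features from slides 2 and 8, computed for the slide 2 sequence in an added Python example (not the authors' code). It assumes a "forward" step is a rise in packet length and a "backward" step a fall, that a toggle is a maximal run of same-direction steps, that the sequence starts from 0 as drawn on the slide, and that a repeated length counts as no step; function names are hypothetical.

```python
from statistics import mean, pstdev

def run_lengths(lengths, start=0):
    """Split a packet-length sequence into maximal rising/falling runs.

    Returns the step count of each run, grouped by direction.
    """
    runs = {"forward": [], "backward": []}
    prev, current, count = start, None, 0
    for pl in lengths:
        if pl == prev:
            continue  # assumption: a repeated length is not a step
        direction = "forward" if pl > prev else "backward"
        if direction == current:
            count += 1  # same direction: the current toggle gets longer
        else:
            if current is not None:
                runs[current].append(count)  # close the previous toggle
            current, count = direction, 1
        prev = pl
    if current is not None:
        runs[current].append(count)
    return runs

def summarize(values):
    """Min, max, mean and population standard deviation (zeros if empty)."""
    if not values:
        return {"min": 0, "max": 0, "mean": 0.0, "std": 0.0}
    return {"min": min(values), "max": max(values),
            "mean": mean(values), "std": pstdev(values)}

def flow_features(lengths):
    """Existing PL statistics plus the step/toggle features of slide 2."""
    runs = run_lengths(lengths)
    return {
        "pl": summarize(lengths),
        "forward_steps": summarize(runs["forward"]),
        "backward_steps": summarize(runs["backward"]),
        "forward_toggles": len(runs["forward"]),
        "backward_toggles": len(runs["backward"]),
        "unique_pl": len(set(lengths)),
    }

# Packet lengths from slide 2 (the leading 0 is the implicit start value).
SLIDE_FLOW = [40, 540, 48, 40, 100]

if __name__ == "__main__":
    for name, value in flow_features(SLIDE_FLOW).items():
        print(name, value)
```

The code keeps exact floating-point values (forward step mean 1.5, standard deviation 0.5), whereas the slide shows whole numbers.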