We present a demo of behaviour-based similarity retrieval in network traffic data. The underlying framework is intended to support domain experts searching for network nodes (computers) infected by malicious software, especially in cases when single client-server communication does not have to be sufficient to reliably identify the infection. The focus is on interactive browsing enabling dynamic changes of the retrieval model, which is based on a recently proposed statistical description (fingerprint) of a communication between two network hosts and the bag of features approach. The demo/framework provides unique insight into the data and enables annotation of the data and model modifications during the search for more effective identification of infected hosts.
CITATION STYLE
Lokoč, J., Grošup, T., Čech, P., Pevný, T., & Skopal, T. (2017). Malware discovery using behaviour-based exploration of network traffic. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10609 LNCS, pp. 315–323). Springer Verlag. https://doi.org/10.1007/978-3-319-68474-1_22
Mendeley helps you to discover research relevant for your work.