Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security 2021
DOI: 10.1145/3433210.3453101

MalPhase: Fine-Grained Malware Detection Using Network Flow Data

Cited by 21 publications
(17 citation statements)
References 33 publications
“…At first sight, these techniques seem to hold great promise: the behavior of malware differs significantly from that of benign processes and ML-based behavioral models can easily and reliably exploit this difference to distinguish between these two classes of processes. Moreover, behavioral-based approaches are also able to correctly detect unseen malware samples, as long as these new samples exhibit some form of anomalous behavior with respect to benign processes, as shown by several recent works [4][5][6][7][8]. Finally, behavioral detectors generally use malware features arising from operations that are required to achieve the desired malicious behavior, and therefore are extremely hard to disguise or evade.…”
Section: Introduction (mentioning)
confidence: 99%
“…The datasets collection enables researchers to experiment with DNS over HTTPS traffic recognition and pattern analysis. However, since the data are provided in raw packet captures, it can be suitable for other network traffic analysis tasks, e.g., it can be also used as a real-world benign traffic sample in malware identification challenges [10], [11]. The datasets provide a large and unique combination of labeled traffic.…”
Section: Value Of the Data (mentioning)
confidence: 99%
“…AE are composed of two parts: the encoder, which compresses the original feature vector into the latent representation, and the decoder, which takes the output of the encoder and reconstructs the input. AE are generally used to extract robust features from a feature vector and aid classification [37], [38]. In our third architecture, we use the encoder portion of a trained autoencoder to pre-process samples into a compressed latent representation, which is then used as input by a fully-connected NN.…”
Section: Model Architecture Extension: Autoencoders (mentioning)
confidence: 99%