Authors: Carlos Novo, J. M. Silva, Ricardo Morla
Venue: 2021 12th International Conference on Network of the Future (NoF)
Publication date: 2021-10-06
Publication type: Journal Article
DOI: 10.1109/NoF52522.2021.9609889
URL: https://doi.org/10.1109/NoF52522.2021.9609889
Citation count: 1
Open access: no
Source: Semanticscholar
An Outlook on using Packet Sampling in Flow-based C2 TLS Malware Traffic Detection
Packet sampling plays an important role in keeping storage and processing requirements at a manageable level in network management. However, because it reduces the amount of available information, it can also reduce the performance of some related tasks, such as detecting security events. In this context, this work explores how packet sampling impacts machine learning-based tasks, in particular, flow-based C2 TLS malware traffic detection using a deep neural network. Based on a proposed lightweight sampling scheme, the ongoing results show a small reduction in classification accuracy compared with analysing all the traffic, while reducing the number of packets processed tenfold.