September 18, 2021

Malware Protection

Realtime Robust Malicious Traffic Detection via Frequency Domain Analysis. (arXiv:2106.14707v2 [cs.CR] UPDATED)

Machine learning (ML) based malicious traffic detection is an emerging
security paradigm, particularly for zero-day attack detection, which is
complementary to existing rule-based detection. However, existing ML-based
detection systems have low detection accuracy and low throughput, caused by
inefficient traffic feature extraction. Thus, they cannot detect attacks in
realtime, especially in high-throughput networks. In particular, these detection
systems, like existing rule-based detection, can be easily evaded by
sophisticated attacks. To this end, we propose Whisper, a realtime ML-based
malicious traffic detection system that achieves both high accuracy and high
throughput by utilizing frequency domain features. It utilizes sequential
features represented by the frequency domain features to achieve bounded
information loss, which ensures high detection accuracy, and meanwhile
constrains the scale of features to achieve high detection throughput.
Particularly, attackers cannot easily interfere with the frequency domain
features and thus Whisper is robust against various evasion attacks. Our
experiments with 42 types of attacks demonstrate that, compared with the
state-of-the-art systems, Whisper can accurately detect various sophisticated
and stealthy attacks, achieving at most 18.36% improvement, while achieving two
orders of magnitude throughput. Even under various evasion attacks, Whisper is
still able to maintain around 90% detection accuracy.
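
A simplified sketch of the idea the abstract describes, added here as an example and not Whisper's own code: per-packet sequential features are moved into the frequency domain so that a flow of any length reduces to a fixed, small feature vector. The frame size, the encoding weights, the log transform and the sample flow are all assumptions made for illustration.

```python
import cmath
import math
import random

FRAME = 32  # packets per frame (assumed value, not taken from the paper)

def encode(packets, w_len=1.0, w_gap=100.0):
    """Collapse each (length_bytes, gap_seconds) packet into one scalar.
    The weights are hypothetical; they only have to be the same for every flow."""
    return [w_len * length + w_gap * gap for length, gap in packets]

def log_power_spectrum(frame):
    """DFT of one frame, keeping the non-redundant half as log2(power + 1)."""
    n = len(frame)
    spectrum = []
    for k in range(n // 2 + 1):
        coeff = sum(x * cmath.exp(-2j * math.pi * k * i / n)
                    for i, x in enumerate(frame))
        spectrum.append(math.log2(abs(coeff) ** 2 + 1))
    return spectrum

def flow_features(packets):
    """Average per-frame spectra: any flow length maps to FRAME // 2 + 1 numbers.
    Returns [] when the flow is shorter than one frame."""
    seq = encode(packets)
    frames = [seq[i:i + FRAME] for i in range(0, len(seq) - FRAME + 1, FRAME)]
    spectra = [log_power_spectrum(f) for f in frames]
    return [sum(col) / len(col) for col in zip(*spectra)]

def dominant_bin(features):
    """Index of the strongest non-DC frequency bin."""
    return max(range(1, len(features)), key=features.__getitem__)

def constructed_flow(n_packets, jitter=0, seed=7):
    """Constructed sample: a 4-packet length pattern repeated at a fixed gap,
    optionally with +/- jitter bytes added to every packet length."""
    rng = random.Random(seed)
    pattern = [1200, 600, 60, 60]
    return [(pattern[i % 4] + rng.randint(-jitter, jitter), 0.01)
            for i in range(n_packets)]

if __name__ == "__main__":
    for n, jitter in [(128, 0), (256, 0), (128, 20)]:
        feats = flow_features(constructed_flow(n, jitter))
        print(n, jitter, len(feats), dominant_bin(feats))
```

The 128-packet and 256-packet flows both reduce to 17 values, and the period-4 pattern stays the dominant component when every packet length is perturbed by up to 20 bytes.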