Location
Poster Presentations
Department
Computer Science
Start Date
11-7-2019 1:30 PM
End Date
11-7-2019 2:30 PM
Description
The landscape of network analysis is ever-evolving as the fields of technology and business progress. While the landscape of the analysis may change, at the core of network analysis is the detection of malicious activity. In real-time traffic flow, it is non-trivial to determine whether a particular flow is malicious in nature. Most malicious software (malware) analysis is done after the flow has already reached its end target, and is analyzed in the form of network traffic captures. For any network analysis system, it is important that the privacy of the data being transmitted is not compromised in the process. Using network contextual flow data, it is possible to analyze and classify network traffic without compromising the encrypted data being transported.
In this project, we analyzed the impact of using the Intel Data Analytics Acceleration Library (DAAL) to expedite the analysis and inference of encrypted network traffic for the presence of malware. The DAAL package enables the acceleration of analytics through its design to target Intel hardware, being developed in a combination of C and assembly language for that architecture. With its streamlined design, using the library allows for analysis to take place many times faster than using the typical Python framework and data analysis libraries, such as scikit-learn. Using these tools developed by Intel, our team designed an inference system that is capable of performing real-time analysis of network flows to detect malicious activity.
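The abstract's key point is that classification can work on contextual flow data alone, so the encrypted payload is never inspected. The following is an added illustration, not code from the project: it aggregates constructed packet header records into bidirectional flows and derives the kind of metadata features (byte counts per direction, packet-length and inter-arrival statistics) that a classifier such as the one described would consume. The packet tuple layout and feature names are assumptions for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample packet metadata: (timestamp_s, src_ip, src_port, dst_ip, dst_port, length).
# Only header fields are recorded; no payload bytes exist in the record, so encrypted
# content is never read. Addresses are documentation ranges, not real hosts.
SAMPLE_PACKETS = [
    (0.000, "10.0.0.5", 51000, "203.0.113.7", 443, 517),
    (0.021, "203.0.113.7", 443, "10.0.0.5", 51000, 1460),
    (0.022, "203.0.113.7", 443, "10.0.0.5", 51000, 1460),
    (0.040, "10.0.0.5", 51000, "203.0.113.7", 443, 126),
    (0.300, "10.0.0.5", 51000, "203.0.113.7", 443, 64),
    (0.000, "10.0.0.9", 40001, "198.51.100.2", 8443, 200),
    (5.000, "10.0.0.9", 40001, "198.51.100.2", 8443, 200),
    (10.000, "10.0.0.9", 40001, "198.51.100.2", 8443, 200),
]


def flow_key(src_ip, src_port, dst_ip, dst_port):
    """Bidirectional key: both directions of a connection map to one flow."""
    a, b = (src_ip, src_port), (dst_ip, dst_port)
    return (a, b) if a <= b else (b, a)


def extract_flow_features(packets):
    """Group packets into flows and compute per-flow contextual features."""
    flows = defaultdict(list)
    for ts, sip, sport, dip, dport, length in packets:
        flows[flow_key(sip, sport, dip, dport)].append((ts, sip, length))
    features = {}
    for key, pkts in flows.items():
        pkts.sort()                       # chronological order within the flow
        times = [p[0] for p in pkts]
        lengths = [p[2] for p in pkts]
        initiator = pkts[0][1]            # first sender defines the forward direction
        fwd = sum(l for _, s, l in pkts if s == initiator)
        gaps = [b - a for a, b in zip(times, times[1:])]  # inter-arrival times
        features[key] = {
            "packets": len(pkts),
            "duration": round(times[-1] - times[0], 3),
            "fwd_bytes": fwd,
            "rev_bytes": sum(lengths) - fwd,
            "mean_len": round(mean(lengths), 1),
            "len_stdev": round(pstdev(lengths), 1),
            "mean_iat": round(mean(gaps), 3) if gaps else 0.0,
            "iat_stdev": round(pstdev(gaps), 3) if gaps else 0.0,
        }
    return features
```

In the sample, the second flow shows three equal-sized packets at a fixed 5 s interval with no reply bytes, exactly the kind of timing regularity a flow-level model can learn from without any access to the encrypted contents.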
Recommended Citation
Manning, Derek, "Applying Machine Learning to Encrypted Network Traffic for Malware Detection" (2019). Landmark Conference Summer Research Symposium. 12.
https://jayscholar.etown.edu/landmark/2019/july11/12
Comments
Faculty mentor: Peilong Li, Elizabethtown College