STACK-HAC FOR MACHINE LEARNING BASED BOTNET DETECTION

Bibliographic details
Main author: Leslie, Nandi O
Format: Patent
Language: eng
Description
Summary: Discussed herein are devices, systems, and methods for detecting anomalous or malicious processes based on a network session. A method includes receiving a network session, implementing a stacked hierarchical agglomerative clustering (HAC) algorithm that operates multiple HAC algorithms to identify respective clusters to which the network session maps, each HAC algorithm of the StackHAC algorithm operates using a different linkage function and distance pair, appending the respective clusters from the multiple HAC algorithms to a feature vector representing the network session resulting in an augmented feature space, and determining, using a classifier or clustering model that operates using the augmented feature space as input, whether each of the network sessions is associated with a network intrusion.