STACK-HAC FOR MACHINE LEARNING BASED BOTNET DETECTION
Main author: | |
---|---|
Format: | Patent |
Language: | eng |
Subjects: | |
Summary: | Discussed herein are devices, systems, and methods for detecting anomalous or malicious processes based on a network session. A method includes receiving a network session, implementing a stacked hierarchical agglomerative clustering (HAC) algorithm that operates multiple HAC algorithms to identify respective clusters to which the network session maps, each HAC algorithm of the StackHAC algorithm operates using a different linkage function and distance pair, appending the respective clusters from the multiple HAC algorithms to a feature vector representing the network session resulting in an augmented feature space, and determining, using a classifier or clustering model that operates using the augmented feature space as input, whether each of the network sessions is associated with a network intrusion. |