TL;DR
Whisper is a real-time machine learning system that uses frequency domain features to detect malicious network traffic accurately and efficiently, even against sophisticated evasion attacks.
Contribution
The paper introduces Whisper, a novel frequency domain feature-based ML system that enhances detection accuracy and throughput while improving robustness against evasion tactics.
Findings
Achieves up to 18.36% better detection accuracy than state-of-the-art systems.
Provides two orders of magnitude higher throughput.
Maintains around 90% detection accuracy under evasion attacks.
Abstract
Machine learning (ML) based malicious traffic detection is an emerging security paradigm, particularly for zero-day attack detection, which is complementary to existing rule-based detection. However, the existing ML-based detection has low detection accuracy and low throughput incurred by inefficient traffic feature extraction. Thus, they cannot detect attacks in real time, especially in high-throughput networks. Particularly, these detection systems, similar to the existing rule-based detection, can be easily evaded by sophisticated attacks. To this end, we propose Whisper, a real-time ML-based malicious traffic detection system that achieves both high accuracy and high throughput by utilizing frequency domain features. It utilizes sequential features represented by the frequency domain features to achieve bounded information loss, which ensures high detection accuracy, and meanwhile…
