Seminar by Ahmed Ramzi Bahlali
Title:
Machine Learning for Encrypted Malicious Network Traffic Detection.
Abstract:
In this talk, I will delve into the application of data-driven approaches, specifically machine learning (ML) and deep learning (DL), to the detection of malicious encrypted network traffic. The increasing prevalence of encrypted traffic has significantly reduced the effectiveness of traditional methods such as Deep Packet Inspection (DPI), which rely heavily on packet payloads. Additionally, conventional techniques such as firewalls and signature-based intrusion detection systems struggle to identify previously unseen attacks. The goal is therefore to develop a data-driven (ML or DL) system that can be deployed at the network edge and is capable of detecting both known and unknown malicious network traffic without decryption. Designing such a system involves collecting raw network traffic that represents normal and malicious behaviour, and transforming it into a format suitable for ML or DL models by extracting pertinent features (for encrypted traffic, these are typically flow-level metadata such as packet sizes, directions and timing rather than payload bytes). Model training and evaluation follow, usually with adjustments to optimise performance.
During the talk, I will provide some insights into how the problem is formulated from a data and classification standpoint. I will also discuss the challenges of data collection and labelling, the training and evaluation of the proposed models, and the use of deep generative models (such as GPT-like models) to generate new attack samples, which are otherwise hard to obtain.
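Worked example (added here; it is not code from the talk or the speaker): the pipeline sketched in the abstract, collection of flows, extraction of payload-independent features, training and evaluation, run end to end in Python on constructed flow metadata. Everything is an illustrative assumption: the two traffic profiles (a browsing-like HTTPS flow and a fixed-interval beacon), the six flow features, and the Gaussian naive Bayes classifier are choices made for this example, not the speaker's data, features or model.

```python
"""Encrypted-traffic classification from flow metadata only (added example).

A flow is a list of (timestamp_s, direction, size_bytes) tuples where
direction is +1 for client->server and -1 for server->client. Payload bytes
are never used, so the same features apply to TLS or QUIC traffic.
All traffic below is constructed synthetically; it is not captured data.
"""
import math
import random
from statistics import mean, pstdev


def extract_features(packets):
    """Fixed-length feature vector for one flow (illustrative feature set)."""
    sizes = [p[2] for p in packets]
    ts = [p[0] for p in packets]
    up = sum(p[2] for p in packets if p[1] > 0)
    down = sum(p[2] for p in packets if p[1] < 0)
    iats = [b - a for a, b in zip(ts, ts[1:])] or [0.0]
    up_ts = [p[0] for p in packets if p[1] > 0]
    up_iats = [b - a for a, b in zip(up_ts, up_ts[1:])] or [0.0]
    return [
        len(packets),                                  # packet count
        mean(sizes),                                   # mean packet size
        pstdev(sizes),                                 # packet-size dispersion
        up / max(down, 1),                             # upload/download byte ratio
        mean(iats),                                    # mean inter-arrival time
        pstdev(up_iats) / (mean(up_iats) + 1e-9),      # periodicity of client sends (low = beacon-like)
    ]


def gen_browsing(rng):
    """Constructed benign HTTPS-like flow: small requests, large responses, jittery timing."""
    t = 0.0
    pkts = [(t, +1, rng.randint(200, 600))]            # first packet is the client's
    for _ in range(rng.randint(20, 60)):
        t += rng.uniform(0.01, 0.5)
        if rng.random() < 0.2:
            pkts.append((t, +1, rng.randint(200, 600)))
        else:
            pkts.append((t, -1, rng.randint(1000, 1460)))
    return pkts


def gen_beacon(rng):
    """Constructed C2-like beacon: small symmetric exchanges every ~5 s with little jitter."""
    t, pkts = 0.0, []
    for _ in range(rng.randint(8, 15)):
        t += 5.0 + rng.uniform(-0.01, 0.01)
        pkts.append((t, +1, rng.randint(100, 150)))
        t += rng.uniform(0.001, 0.01)
        pkts.append((t, -1, rng.randint(100, 150)))
    return pkts


class GaussianNB:
    """Minimal Gaussian naive Bayes: per-class mean/variance per feature."""

    def fit(self, X, y):
        self.classes = sorted(set(y))
        self.stats = {}
        for c in self.classes:
            rows = [x for x, lab in zip(X, y) if lab == c]
            cols = list(zip(*rows))
            self.stats[c] = (len(rows) / len(X),
                             [mean(col) for col in cols],
                             [max(pstdev(col) ** 2, 1e-12) for col in cols])
        return self

    def log_likelihood(self, x, c):
        prior, mus, variances = self.stats[c]
        ll = math.log(prior)
        for xi, mu, var in zip(x, mus, variances):
            ll += -0.5 * math.log(2 * math.pi * var) - (xi - mu) ** 2 / (2 * var)
        return ll

    def predict(self, x):
        return max(self.classes, key=lambda c: self.log_likelihood(x, c))


def build_dataset(seed, n_per_class):
    """Deterministic, balanced set of labelled constructed flows."""
    rng = random.Random(seed)
    flows, labels = [], []
    for _ in range(n_per_class):
        flows.append(gen_browsing(rng)); labels.append("benign")
        flows.append(gen_beacon(rng)); labels.append("malicious")
    return flows, labels


def evaluate(model, flows, labels, positive="malicious"):
    """Precision/recall/accuracy with the malicious class as positive."""
    tp = fp = fn = tn = 0
    for flow, lab in zip(flows, labels):
        pred = model.predict(extract_features(flow))
        if pred == positive:
            tp += lab == positive; fp += lab != positive
        else:
            fn += lab == positive; tn += lab != positive
    return {"precision": tp / max(tp + fp, 1), "recall": tp / max(tp + fn, 1),
            "accuracy": (tp + tn) / len(flows)}


def run_demo():
    """Train on one seeded dataset, evaluate on a held-out one with a different seed."""
    train_flows, train_labels = build_dataset(seed=1, n_per_class=30)
    test_flows, test_labels = build_dataset(seed=2, n_per_class=10)
    model = GaussianNB().fit([extract_features(f) for f in train_flows], train_labels)
    return evaluate(model, test_flows, test_labels)


if __name__ == "__main__":
    print(run_demo())
```

The held-out evaluation matters more than the training fit: the abstract's point about unseen attacks is only testable on flows the model has not trained on, and on real captures the gap between the two is where labelling errors and distribution shift show up. The synthetic classes here are deliberately well separated, so the metrics are not evidence about real traffic.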