A demo of the flow interaction graph based attack traffic detection system, i.e., HyperVision:
Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow Interaction Graph Analysis
In the
Chuanpu Fu, Qi Li, and Ke Xu.
The new CDN for the dataset has been successfully established. Please feel free to explore and utilize it! 🍺
- AWS EC2 c4.4xlarge, 100GB SSD, canonical
Ubuntu
22.04 LTS (amd64, 3/3/2023). - Tencent Cloud CVM, with similar OS and hardware configurations.
The demo can be built from a clean Ubuntu
env.
# Establish env.
git clone https://github.com/fuchuanpu/HyperVision.git
cd HyperVision
sudo ./env/install_all.sh
# Download dataset.
wget https://www.hypervision.fuchuanpu.xyz/hypervision-dataset.tar.gz
tar -xxf hypervision-dataset.tar.gz
rm $_
# Build and run HyperVision.
./script/rebuild.sh
./script/expand.sh
cd build && ../script/run_all_brute.sh && cd ..
# Analyze the results.
cd ./result_analyze
./batch_analyzer.py -g brute
cat ./log/brute/*.log | grep AU_ROC
cd -
@inproceedings{NDSS23-HyperVision,
author = {Chuanpu Fu and
others},
title = {Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow
Interaction Graph Analysis},
booktitle = {NDSS},
publisher = {ISOC},
year = {2023}
}