A demo of the flow interaction graph based attack traffic detection system, i.e., HyperVision:
Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow Interaction Graph Analysis
In the
Chuanpu Fu, Qi Li, and Ke Xu.
Please feel free to contact me ๐.
- AWS EC2 c4.4xlarge, 100GB SSD, canonical
Ubuntu
22.04 LTS (amd64, 3/3/2023). - Tencent Cloud CVM, with similar OS and hardware configurations.
The demo can be built from a clean Ubuntu
env.
# Establish env.
git clone https://github.com/fuchuanpu/HyperVision.git
cd HyperVision
sudo ./env/install_all.sh
# Download dataset.
wget https://hypervision-publish.s3.cn-north-1.amazonaws.com.cn/hypervision-dataset.tar.gz
tar -xxf hypervision-dataset.tar.gz
rm $_
# Build and run HyperVision.
./script/rebuild.sh
./script/expand.sh
cd build && ../script/run_all_brute.sh && cd ..
# Analyze the results.
cd ./result_analyze
./batch_analyzer.py -g brute
cat ./log/brute/*.log | grep AU_ROC
cd -
@inproceedings{NDSS23-HyperVision,
author = {Chuanpu Fu and
others},
title = {Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow
Interaction Graph Analysis},
booktitle = {NDSS},
publisher = {ISOC},
year = {2023}
}