Sequence Mining for Explainable Behavioral Analysis of Network Attacks (TUD)

A software's behavior can be modeled from the sequential data it generates. Sequence mining is powerful because the order of events can reveal information about their nature. Network traffic is a type of sequential data in which pattern mining is a challenging problem: it operates in an unsupervised setting, with no clear distinction between noise and genuinely malicious events. In this project, we aim to preserve the temporal nature of the input data when extracting meaningful patterns. This can be used to build powerful analysis systems that provide insights into the behavior of software without requiring large volumes of data. To this end, we develop unsupervised machine learning methods with intrinsic support for sequences, including the design of appropriate evaluation metrics for unsupervised sequential machine learning. Dynamic Time Warping (DTW) is a popular distance measure that has been used to quantify similarity between sequences in many domains. We investigate the extent to which it can be used for network traffic analysis.

Contact person: Azqa Nadeem