Representation learning for behavior classification in network traffic

Apr 27 - 28, 2017 · New York, United States of America

This month's meetup features Michal Sofka giving an introduction to and overview of the network security problem, with an emphasis on network traffic data. He will present some practical algorithms for detecting network security incidents.

The talk will focus on applied machine learning and will be accessible to anyone with a background in general computer science or related fields.


Network security incidents are composed of several events (steps or actions) that an attacker takes to compromise a targeted network. This talk proposes to learn event classifiers based on the analysis of network proxy logs that capture malware communication between client and server computers. The first proposed representation is computed for bags of samples (network traffic logs) and is designed to be invariant under various changes of the feature values due to the changes in malware communication. The discretized features are used to train a classifier along with the discretization parameters in a single convex optimization step.

In the second proposed representation, the events are identified from a sequence of proxy logs that are used as inputs to an LSTM network. The network learns to recognize the malware behavior mixed into the background traffic by automatically learning the representation of proxy logs and therefore of communication to particular domains. Experimental evaluation will be presented on a large corpus of network communications collected from various company network environments.

This is joint work with Vojtech Franc, Karel Bartos, and Ondrej Fikar.

Michal Sofka completed his undergraduate work at the Czech Technical University. He received the MS degree in Electrical Engineering from Union College in 2001. He received the MS and PhD degrees in Computer Science from the Rensselaer Polytechnic Institute (RPI) in 2006 and 2008, respectively. In 2004, he was a technical employee at Siemens Corporate Research. He joined the same company as a full-time Research Scientist in 2008 and became a Project Manager in 2011. During this time, he managed and directly contributed to research and development projects for various Siemens business units and external customers. In 2013, Michal joined Cisco Systems, where he developed new algorithms in the area of large-scale traffic analysis for threat defense. In 2016, he joined 4Catalyzer to revolutionize healthcare by designing deep neural networks for analyzing data from new types of sensors. He has published more than 32 technical articles in leading journals and conferences and more than 24 patent applications.
