HyperVision

A demo of the flow interaction graph based attack traffic detection system, i.e., HyperVision:

Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow Interaction Graph Analysis
In the $30^{th}$ Network and Distributed System Security Symposium (NDSS'23).
Chuanpu Fu, Qi Li, and Ke Xu.

The new CDN for the dataset has been successfully established. Please feel free to explore and utilize it! 🍺

0x00 Hardware

  • AWS EC2 c4.4xlarge, 100GB SSD, canonical Ubuntu 22.04 LTS (amd64, 3/3/2023).
  • Tencent Cloud CVM, with similar OS and hardware configurations.

0x01 Software

The demo can be built from a clean Ubuntu env.

# Establish env.
git clone https://github.com/fuchuanpu/HyperVision.git
cd HyperVision
sudo ./env/install_all.sh

# Download dataset.
wget https://www.hypervision.fuchuanpu.xyz/hypervision-dataset.tar.gz
tar -xf hypervision-dataset.tar.gz
rm $_

# Build and run HyperVision.
./script/rebuild.sh
./script/expand.sh
cd build && ../script/run_all_brute.sh && cd ..

# Analyze the results.
cd ./result_analyze
./batch_analyzer.py -g brute
cat ./log/brute/*.log | grep AU_ROC
cd -

0x02 Reference

@inproceedings{NDSS23-HyperVision,
  author    = {Chuanpu Fu and
               others},
  title     = {Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow 
               Interaction Graph Analysis},
  booktitle = {NDSS},
  publisher = {ISOC},
  year      = {2023}
}