MalDetectFormer: Leveraging Sparse SpatioTemporal Information for Effective Malicious Traffic Detection

Shuai Zhang; Yu Fan; Haoyi Zhou; Bo Li

doi:10.1609/aaai.v39i21.34411

Authors

Shuai Zhang Zhongguancun Laboratory, Beijing, P.R.China
Yu Fan SKLCCSE, School of Computer Science and Engineering, Beihang University, Beijing, P.R.China
Haoyi Zhou Zhongguancun Laboratory, Beijing, P.R.China SKLCCSE, School of Computer Science and Engineering, Beihang University, Beijing, P.R.China
Bo Li Zhongguancun Laboratory, Beijing, P.R.China SKLCCSE, School of Computer Science and Engineering, Beihang University, Beijing, P.R.China

DOI:

https://doi.org/10.1609/aaai.v39i21.34411

Abstract

Malicious traffic detection is one of the main challenges in the field of cybersecurity. Although modern deep learning methods have made progress in identifying malicious traffic, they often overlook the persistent nature of attack behaviors, making it difficult to distinguish between malicious and normal traffic at a single observation point. To address this issue, we propose MalDetectFormer, which aims to accurately capture the spatiotemporal dynamics of malicious traffic. By incorporating a sparse attention mechanism, MalDetectFormer can efficiently focus on key characteristics of traffic nodes while overcoming the challenges faced by traditional long-sequence processing. Additionally, by adopting a time-cyclic attention mechanism, the model can identify and capture persistent attack patterns of malicious traffic. Experiments conducted on benchmark datasets demonstrate the advantages of the proposed MalDetectFormer in both malicious traffic detection and malicious attack recognition tasks.

MalDetectFormer: Leveraging Sparse SpatioTemporal Information for Effective Malicious Traffic Detection

Authors

DOI:

Abstract

Downloads

Published

How to Cite

Issue

Section

Information