beta
/Cross Protocol Malware Traffic Detection Using A Two-layer Ml Architecture
Abstract

A system, method, and device for classifying traffic is disclosed. The method includes (i) correlating a plurality of network traffic sessions with same source indicators to obtain correlated network traffic, (ii) classifying the plurality of network traffic sessions based at least in part on a plurality of first-layer classifiers to obtain a set of first-layer classifications, wherein the plurality of first-layer classifiers are respectively associated with a plurality of protocols, and (iii) determining a second-layer classification for the correlated network traffic based at least in part on the set of first-layer classifications.

Full Text

What is claimed is:

A system, method, and device for classifying traffic is disclosed. The method includes (i) correlating a plurality of network traffic sessions with same source indicators to obtain correlated network traffic, (ii) classifying the plurality of network traffic sessions based at least in part on a plurality of first-layer classifiers to obtain a set of first-layer classifications, wherein the plurality of first-layer classifiers are respectively associated with a plurality of protocols, and (iii) determining a second-layer classification for the correlated network traffic based at least in part on the set of first-layer classifications.
Timeline
Filed
03/05/2026
Published
07/09/2026
Granted
Not Available
IPC Codes(5)
H04L 9/40:Network security protocols
G06F 21/55:Detecting local intrusion or implementing counter-measures
G06N 20/20:Ensemble learning