Besides incoming blacklisted connections, external-to-internal traffic isn't super useful in any of our analysis modules. And incoming blacklisted connections are of questionable usefulness as well, since the things that normally scan everything on the internet will also normally end up on blacklists. We're not trying to detect someone attacking coming in. We're trying to detect already compromised
Poseidon is a Python-based application that leverages software-defined networks (SDN) to acquire network traffic and then feed it to a number of machine learning techniques. The machine learning algorithms classify and predict the type of device.
A project that identifies an app from its network traffic. It extracts 8 features from network packets and uses SVM algorithms with 5 different parameters on Spark to train a model. The accuracy is around 88.4%.