Abstract: In some embodiments, an example method may include capturing target data from a target flow of network packets between applications, generating a target image from the target data, and determining, based on the target image, an extent to which the target image matches one of a plurality of predetermined images in order to determine a likelihood that one or more of the applications matches one of a plurality of predetermined applications (e.g., applications that are predetermined to be malicious).
Abstract: Identifying network applications using images generated from payload data and time data. In some embodiments, a method may include capturing target payload data and target time data from a target flow of network packets between a target client application and a target server application, generating a target image from the target payload data and the target time data, and determining, based on the target image, an output including an extent to which the target image matches one of a plurality of predetermined images in order to determine a likelihood that the target client application and/or the target server application matches one of a plurality of predetermined client applications and/or one of a plurality of predetermined server applications.
Abstract: Identifying network applications using images generated from payload data and time data. In some embodiments, a method may include training a convolutional neural network with training images generated from training payload data and training time data from flows of network packets, capturing target payload data and target time data from a target flow of network packets between a target client application and a target server application, generating a target image from the target payload data and the target time data, providing the target image as input to the trained convolutional neural network, and employing the trained convolutional neural network to determine an output including an extent to which the target image matches one of the training images in order to determine a likelihood that the target client application and/or the target server application matches one of the training client applications and/or one of the training server applications.