Abstract: A machine learning model for classifying encrypted traffic as benign or malicious without having to decrypt the traffic is provided that used traffic patterns from network logs to classify the traffic based on learned patterns for malware, and is capable of identifying zero-day malware is provided via: extracting encrypted traffic from communication logs for a network; identifying, from the encrypted traffic, while still encrypted, traffic patterns for users of the network; and classifying, via a machine learning model, the encrypted traffic as benign traffic or malicious traffic without decrypting the encrypted traffic according to the traffic patterns identified.

Abstract: A method for reducing unwanted data traffic in a computer network due to a Distributed Reflection Denial of Service (DRDoS) attack. The method comprises operating a filtering module in a normal mode or a blocking mode to allow or block requests from being communicated within a computer network in response to data from a honeypot device in the computer network. The method allows the honeypot device to continue to monitor further attack requests that are received during the DRDoS attack.

Abstract: A method for reducing unwanted data traffic in a computer network due to a Distributed Reflection Denial of Service (DRDoS) attack. The method comprises operating a filtering module in a normal mode or a blocking mode to allow or block requests from being communicated within a computer network in response to data from a honeypot device in the computer network. The method allows the honeypot device to continue to monitor further attack requests that are received during the DRDoS attack.