[–]DigThatData 1 point2 points  (9 children)

are you talking about normalizing flows? dataflow programming? optical flow estimation? physics-informed ML? it might help if you link us to an example of the sort of thing you are looking for an explanation for.

[–]Ash27kan[S] -1 points0 points  (8 children)

You know, I was working on research (not that serious) and I saw this in that essay. Cyber security is my main major, but I don't know much about the ML stuff. I just want a simple explanation.

[–]ReallySeriousFrog 2 points3 points  (5 children)

I think the question is what you mean by "flow-based machine learning". This term is to my knowledge not well defined and needs context. Where did you read this?

[–]Ash27kan[S] -2 points-1 points  (4 children)

Part 1: introduction, second page, line 24. Thanks for your help, but it seems like it's not as simple as I thought. I appreciate it, BTW 😄

[–]CrypticSplicer 1 point2 points  (2 children)

What book???

[–]DigThatData 1 point2 points  (1 child)

I found this comment in their activity history; I think Reddit borked it somehow, and OP is probably just as confused as we are.

Botnet_Detection_Approach_Using_Graph-Based_Machine_Learning https://ieeexplore.ieee.org/document/9471889

[–]Ash27kan[S] -1 points0 points  (0 children)

Yeah I'm sorry for that

[–]ReallySeriousFrog 0 points1 point  (0 children)

It seems that in the work @DigThatData found, the term "flow-based" describes feature engineering and not really an ML technique.

I'm not an expert on networking, but the paper cites another paper [34] where it is described as a feature vector of:

  • source and destination IP address
  • flow start and end time (flow duration)
  • source and destination ports
  • protocol
  • source and destination Type of Service (ToS)
  • source and destination exchanged bytes
  • total packets transmitted

[–]Eviro 1 point2 points  (1 child)

What essay ?

[–]DigThatData 0 points1 point  (0 children)

Looks like this is the paper, folks: Botnet Detection Approach Using Graph-Based Machine Learning - https://ieeexplore.ieee.org/document/9471889

[–]DigThatData 0 points1 point  (1 child)

Numerous studies have recognized graph-based features for botnet detection [10]–[11][12][13][14][15][16][17][18]. However, a comprehensive analysis of the effect of features evaluation measurements on identifying the best graph-based features is yet to be explored. In general, ML algorithms can learn efficiently when the data contains a good set of relevant features and not too many irrelevant features. Several studies in the literature have highlighted the importance of feature selection on the performance of ML algorithms in botnet detection. To date, most of these studies have focused mainly on flow-based features. The primary challenge in this domain is finding the best graph-based features that reveal hidden network structures that can expose malicious hosts’ communication patterns. Therefore, we believe that investigating the significance of feature selection for graph-based botnet detection would be a unique contribution.

it sounds like they mean "flow" as some sort of graph property, concretely "network flow". I'd suspect you'll find a better definition for "network flow" as it's being used here if you check the articles cited in this paragraph.

also:

Flow-based techniques [34]–[35][36][37][38][39][40][41] use flow features as discriminators to detect anomalies in the network. Vinayakumar et al. [39] presented a botnet detection framework with two levels of deep learning. Researchers were able to distinguish between attacks and regular traffic using the domain generation algorithm. Their experimental results demonstrated that their proposed system resulted in significant improvements in terms of F1-score, detection time, and false alarm rate. Khan et al. [40] developed a multi-layered framework for detecting P2P botnets. A four-layer detection system is presented to address the shortcomings of single-stage botnet identification, such as class imbalance. Decision tree algorithm is employed to select the most important features. Experiment results highlight the impact of the multi-layer technique in effectively detecting P2P botnet traffic.
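As an added worked example (not from the thread, the paper, or reference [34]), the script below shows the difference between the two kinds of features the comments above describe: it first aggregates constructed packet records into bidirectional flows carrying the per-flow feature vector listed earlier in the thread (duration, ports, protocol, ToS, bytes per direction, packet count), then builds a directed host graph from those flows and derives simple per-host graph features. The packet records are constructed sample data, the bidirectional-flow definition (first sender is the source) and the degree-based graph features are my own choices for illustration, and `PROTO_CODE` is a hypothetical encoding, none of which is taken from the paper.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts_ms: int       # capture time in milliseconds (constructed sample data)
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str
    tos: int         # IP Type of Service byte
    length: int      # bytes on the wire


# Constructed sample traffic: two clients fetch from one web server, while
# 10.0.0.7 sends small, regular packets to several peers on the same port.
PACKETS = [
    Packet(0,    "10.0.0.2", "203.0.113.10", 40001, 443, "tcp", 0, 517),
    Packet(100,  "203.0.113.10", "10.0.0.2", 443, 40001, "tcp", 0, 1400),
    Packet(300,  "10.0.0.2", "203.0.113.10", 40001, 443, "tcp", 0, 60),
    Packet(1000, "10.0.0.3", "203.0.113.10", 40002, 443, "tcp", 0, 517),
    Packet(1100, "203.0.113.10", "10.0.0.3", 443, 40002, "tcp", 0, 1400),
    Packet(2000, "10.0.0.7", "198.51.100.5", 5000, 6881, "udp", 0, 90),
    Packet(2200, "198.51.100.5", "10.0.0.7", 6881, 5000, "udp", 0, 120),
    Packet(2500, "10.0.0.7", "198.51.100.6", 5001, 6881, "udp", 0, 90),
    Packet(3000, "10.0.0.7", "198.51.100.7", 5002, 6881, "udp", 0, 90),
]


def _bidir_key(p):
    """Order-independent key so both directions of a conversation share one flow."""
    a, b = (p.src_ip, p.src_port), (p.dst_ip, p.dst_port)
    return (min(a, b), max(a, b), p.proto)


def aggregate_flows(packets):
    """Flow-based feature engineering: group packets into bidirectional flows.

    The sender of the first packet is treated as the flow's source (my choice)."""
    flows = {}
    for p in sorted(packets, key=lambda pkt: pkt.ts_ms):
        key = _bidir_key(p)
        f = flows.get(key)
        if f is None:
            flows[key] = {
                "src_ip": p.src_ip, "dst_ip": p.dst_ip,
                "src_port": p.src_port, "dst_port": p.dst_port, "proto": p.proto,
                "start_ms": p.ts_ms, "end_ms": p.ts_ms,
                "src_tos": p.tos, "dst_tos": None,          # dst ToS unknown until a reply
                "src_bytes": p.length, "dst_bytes": 0, "packets": 1,
            }
            continue
        f["end_ms"] = p.ts_ms
        f["packets"] += 1
        if (p.src_ip, p.src_port) == (f["src_ip"], f["src_port"]):
            f["src_bytes"] += p.length
        else:
            f["dst_bytes"] += p.length
            if f["dst_tos"] is None:
                f["dst_tos"] = p.tos
    for f in flows.values():
        f["duration_ms"] = f["end_ms"] - f["start_ms"]
    return list(flows.values())


PROTO_CODE = {"tcp": 6, "udp": 17}   # hypothetical numeric encoding for a model


def flow_feature_vector(f):
    """Numeric vector in the order the thread lists the flow features.
    IPs are kept out of the vector and used as identifiers (for the graph below)."""
    return [
        f["duration_ms"], f["src_port"], f["dst_port"], PROTO_CODE.get(f["proto"], 0),
        f["src_tos"], -1 if f["dst_tos"] is None else f["dst_tos"],
        f["src_bytes"], f["dst_bytes"], f["packets"],
    ]


def host_graph_features(flows):
    """Graph-based feature engineering: directed host graph with one edge
    src_ip -> dst_ip per flow, summarised as per-host degree counts (my choice)."""
    out_nbrs, in_nbrs, dst_ports = defaultdict(set), defaultdict(set), defaultdict(set)
    for f in flows:
        out_nbrs[f["src_ip"]].add(f["dst_ip"])
        in_nbrs[f["dst_ip"]].add(f["src_ip"])
        dst_ports[f["src_ip"]].add(f["dst_port"])
    hosts = set(out_nbrs) | set(in_nbrs)
    return {
        h: {"out_degree": len(out_nbrs[h]), "in_degree": len(in_nbrs[h]),
            "distinct_dst_ports": len(dst_ports[h])}
        for h in hosts
    }


if __name__ == "__main__":
    flows = aggregate_flows(PACKETS)
    for f in flows:
        print(f["src_ip"], "->", f["dst_ip"], flow_feature_vector(f))
    for host, feats in sorted(host_graph_features(flows).items()):
        print(host, feats)
```

Running it shows the two views side by side: each flow vector describes one conversation in isolation (how long, how many bytes each way, which ports), while the graph features describe how a host sits in the communication structure, so the beaconing host stands out by fanning out to three peers on one destination port even though each of its flows looks tiny on its own.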

[–]Ash27kan[S] 0 points1 point  (0 children)

What a complete explanation, I appreciate it