This project focuses on detecting Advanced Persistent Threat (APT) activity in network traffic by extracting flow-based features and training deep learning models for the classification task.
We used CICFlowMeter to extract statistical flow features from raw packet capture (.pcap) files.
- Data source: Stratosphere Laboratory datasets
- Tool: CICFlowMeter
Some sample records from the dataset are in the "sample" folder; there are about 1000 samples.
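Before CICFlowMeter output is fed to a model, the flow CSV needs a few defender-side cleaning steps that the pipeline above takes for granted: identifier columns (Flow ID, IPs, timestamp) must be dropped so the model learns traffic behaviour rather than which hosts appeared in the capture, the "Infinity"/"NaN" strings CICFlowMeter writes for rate features of zero-duration flows must be imputed, features scaled, and the class imbalance measured. The following is an added example written for this README and is not the project's own code; the reduced column set, the hand-written four-row CSV and the "APT"/"Benign" label values are constructed assumptions, not rows from the dataset.

```python
import csv
import io
import math

# Constructed sample in a CICFlowMeter-style CSV layout (reduced column set).
# Real CICFlowMeter output has about 80 columns; the names below follow the
# v4 naming convention but are an assumption for this example, and the rows
# are invented, not taken from the Stratosphere datasets.
SAMPLE_CSV = """\
Flow ID,Src IP,Src Port,Dst IP,Dst Port,Protocol,Timestamp,Flow Duration,Tot Fwd Pkts,Tot Bwd Pkts,Flow Byts/s,Flow Pkts/s,Label
10.0.0.5-93.184.216.34-51234-443-6,10.0.0.5,51234,93.184.216.34,443,6,2023-01-01 10:00:00,120000,12,10,18500.5,183.3,Benign
10.0.0.5-93.184.216.34-51235-443-6,10.0.0.5,51235,93.184.216.34,443,6,2023-01-01 10:00:01,0,1,0,Infinity,Infinity,Benign
10.0.0.7-203.0.113.9-44321-8080-6,10.0.0.7,44321,203.0.113.9,8080,6,2023-01-01 10:00:05,9800000,4,4,12.4,0.8,APT
10.0.0.8-198.51.100.2-53120-53-17,10.0.0.8,53120,198.51.100.2,53,17,2023-01-01 10:00:06,450,1,1,NaN,4444.4,Benign
"""

# Columns that identify a flow rather than describe its behaviour. A model
# trained on these memorises the capture's hosts instead of APT traffic patterns.
IDENTIFIER_COLUMNS = {"Flow ID", "Src IP", "Dst IP", "Timestamp", "Src Port"}
LABEL_COLUMN = "Label"
POSITIVE_LABELS = {"APT"}  # assumption: label value marking malicious flows


def parse_value(raw):
    """CICFlowMeter emits 'Infinity'/'NaN' for rate features of zero-duration
    flows; map those (and anything non-numeric) to None for later imputation."""
    try:
        v = float(raw)
    except ValueError:
        return None
    if math.isinf(v) or math.isnan(v):
        return None
    return v


def load_flows(csv_text):
    """Return (feature_names, X, y): X holds numeric feature rows with None
    for unusable values, y is 1 for APT-labelled flows and 0 otherwise."""
    reader = csv.DictReader(io.StringIO(csv_text))
    feature_names = [c for c in reader.fieldnames
                     if c not in IDENTIFIER_COLUMNS and c != LABEL_COLUMN]
    X, y = [], []
    for row in reader:
        X.append([parse_value(row[c]) for c in feature_names])
        y.append(1 if row[LABEL_COLUMN].strip() in POSITIVE_LABELS else 0)
    return feature_names, X, y


def impute_and_scale(X):
    """Replace None with the per-column median of valid values (upper middle
    for even counts), then min-max scale each column to [0, 1]; a constant
    column becomes all zeros instead of dividing by zero."""
    n_cols = len(X[0])
    out = [row[:] for row in X]
    for j in range(n_cols):
        valid = sorted(r[j] for r in X if r[j] is not None)
        median = valid[len(valid) // 2] if valid else 0.0
        for r in out:
            if r[j] is None:
                r[j] = median
        lo = min(r[j] for r in out)
        hi = max(r[j] for r in out)
        span = hi - lo
        for r in out:
            r[j] = (r[j] - lo) / span if span else 0.0
    return out


def class_balance(y):
    """Class counts and the benign:APT ratio that oversampling must correct."""
    pos = sum(y)
    neg = len(y) - pos
    return {"apt": pos, "benign": neg,
            "ratio": (neg / pos) if pos else float("inf")}


if __name__ == "__main__":
    names, X, y = load_flows(SAMPLE_CSV)
    Xs = impute_and_scale(X)
    print(names)
    for row, label in zip(Xs, y):
        print(label, [round(v, 3) for v in row])
    print(class_balance(y))
```

The identifier drop matters most: on a capture where all APT flows come from one infected host, a model that sees Src IP reaches near-perfect accuracy on that capture and near-random accuracy on the next one. The class-balance ratio is the number a GAN-based oversampler should be driving towards 1 for the training split only; the test split keeps the real distribution so reported metrics stay honest.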
The following models are implemented:
- GAN (Generative Adversarial Network): generates synthetic network flow data to address the imbalanced dataset.
- ELModel (Ensemble Learning Model): combines an LSTM and a Switch Transformer.
Run: python main.py