• Home
  • Attack
  • Detect
  • Predict
  • Dataset
  • Contact Us
        • T1-24–01–S–N–CL
        • T2-24–01–S–N–CL
        • T3-24–01–S–N–CL
        • T4-24–01–S–E–M
        • T5-24–01–S–E–LM
        • T6-24–01–S–E–FH
        • T7-24–01–M–NE–CLM
        • T8-24–01–M–NE–CFHL
        • T9-24–01–M–NE–CLM
        • T1-24–02–S–N–CIKM
        • T2-24–02–S–N–CL
        • T3-24–02–S–N–CL
        • T4-24-02-S-E-M
        • T5-24-02-S-E-DL
        • T6-24-02-S-E-DEGN
        • T7-24-02-M-NE-CDEGLN
        • T8-24-02-M-NE-CDL
        • T9-24-02-M-NE-CLH
        • T1-25–01–S–N–CD
        • T2-25–01–S–N–CL
        • T3-25–01–S–N–CD
        • T4-25-01-S-E-FH
        • T5-25-01-S-E-CL
        • T6-25-01-S-E-CL
        • T7-25-01-M-NE-CDN
        • T8-25-01-M-NE-CLFH
        • T9-25-01-M-NE-CDFH
      • Model Description
      • Explainable AI
  • Architecture of the T9 Malicious Network Detection Model
  • This section describes the detection pipeline implemented in the T9 Detect module.

    The architecture integrates multiple processing stages—from traffic preprocessing to AI-based inference—to deliver scalable, accurate, and interpretable malicious network detection.

  • Model Components
  • Figure T9 Detect model architecture producing malicious labels and confidence scores from merged network data.

  • T9 provides an AI-driven detection framework designed to identify malicious network activities across diverse environments.

    • Merge Network Data
    • Preprocessed network representations are merged into a unified input format, enabling consistent learning across heterogeneous traffic features.
    • Input Layer
    • The merged network data is fed into the model as structured input, serving as the foundation for downstream representation learning.
    • Encoder
    • The encoder consists of multiple stacked layers with positional encoding, enabling the model to capture sequential patterns and contextual relationships within the input data. Through hierarchical representation learning, the encoder generates a compact and informative latent representation of network behavior.
    • Encoder Output
    • The encoded representation summarizes critical behavioral patterns and is forwarded to downstream components for task-specific inference.
    • Decoder
    • The decoder refines the encoded representation through multiple decoding layers, preparing task-relevant features for decision making.
    • Task Mapping Layer
    • The task mapping layer transforms decoder outputs into a task-specific feature space aligned with malicious traffic classification.
    • Classification Layer
    • The classification layer assigns each input to predefined classes by analyzing task-mapped features, enabling discrimination between benign and malicious behaviors.
    • Detection Result
    • The final output consists of a predicted malicious label along with a confidence score, providing both classification results and quantitative detection strength.


  • Outcome
    • Accurate detection across diverse and evolving attack types
    • Robust generalization to previously unseen threats
    • Transparent and trustworthy decisions supported by explainable AI


  • Copyright(C) 2024, KAIST Cyber Security Reserch Center. All Rights Reserved.