Early-Stage Detection of Encrypted Malware Traffic via Multi-Flow Temporal Graph Learning
Summary
Malware often encrypts its network traffic (data sent over the internet) to hide its activities, which makes it hard to detect with traditional methods. Most existing detection systems need complete traffic data to work well. This research presents DawnGuard, a new system that can identify encrypted malware traffic very early in an attack, when only a small amount of data is available. It does so using temporal graph learning (analyzing how multiple network connections relate to each other over time) and a Vision Transformer (a type of deep learning model that captures patterns across data). The system achieved 95.11% accuracy using just the first 20% of traffic data.
Classification
Original source: http://ieeexplore.ieee.org/document/11483146
First tracked: May 8, 2026 at 08:01 PM
Classified by LLM (prompt v3) · confidence: 85%