Data streams always consist of information about the content of a message and about its context (metadata, protocol data, time, etc.). Traditional approaches to identifying malware analyze the content of incoming data streams. In many areas, however, this is possible only to a limited extent for reasons of data protection, or it fails because the content is encrypted and therefore protected against access. The APT-Sweeper project instead analyzes the transmission context. Because malware can be hidden in different components of the context, advanced machine learning techniques are combined with approaches to filtering complex data streams. The analysis can thus take into account both the context and the format-specific structure of the content. In addition, foreign content can be recognized without relying on extensive prior knowledge of past attacks.