Tento projekt je spolufinancován se státní podporou Technologické gentury ČR v rámci 3. veřejná soutěž - Programu průmyslového výzkumu a experimentálního vývoje TREND, PODPROGRAM 1 TECHNOLOGIČTÍ LÍDŘI
www.tacr.cz
Výzkum užitečný pro společnost.

Project Details

Analýza šifrovaného provozu založena na kontextové analýze pomocí flow dat

Project Period: 1. 1. 2021 - 31. 12. 2023

Project Type: grant

Code: FW03010099

Agency: Technology Agency of the Czech Republic

Program: 3. veřejná soutěž - Program průmyslového výzkumu a experimentálního vývoje TREND, PODPROGRAM 1 TECHNOLOGIČTÍ LÍDŘI

English title
Context-based Encrypted Traffic Analysis Using Flow Data
Type
grant
Keywords

context-based analysis, NetFlow records relationship, encrypted traffic analysis

Abstract

The goal of the project is to design a new system for threat detection using contextual NetFlow analysis. This analysis is based on revealing the relationships between individual network traffic records without the need to decrypt the traffic to improve the analysis capabilities compared to the classical approach, which is based on the analysis of only individual records in isolation. With the new type of analysis, it is possible to identify threats that are currently hidden due to encryption and, at the same time, provide network administrators additional information to create an overall picture of the state of the network, services, or applications used.

Team members
Ryšavý Ondřej, doc. Ing., Ph.D. (UIFS FIT VUT) , research leader
Matoušek Petr, doc. Ing., Ph.D., M.A. (UIFS FIT VUT) , team leader
Hranický Radek, Ing., Ph.D. (UIFS FIT VUT)
Publications

2023

  • RADER Roman, JEŘÁBEK Kamil and RYŠAVÝ Ondřej. Detecting DoH-Based Data Exfiltration: FluBot Malware Case Study. In: IEEE 48th Conference on Local Computer Networks (LCN). Daytona Beach: IEEE Computer Society, 2023, pp. 50-54. ISBN 979-8-3503-0074-1. Detail
  • JEŘÁBEK Kamil, HYNEK Karel, RYŠAVÝ Ondřej and BURGETOVÁ Ivana. DNS over HTTPS Detection Using Standard Flow Telemetry. IEEE Access, vol. 2023, no. 11, pp. 50000-50012. ISSN 2169-3536. Detail
Products

2023

  • A malware detection system based on context analysis, software, 2023
    Authors: Ryšavý Ondřej, Holkovič Martin, Matoušek Petr, Minařík Pavel, Aleš Šnupárek, Hojdar Štěpán, Jan Střítežský, Unzeitig Marek Detail

2022

  • A system for discovering relationships between network flows (NetFlow/IPFIX), software, 2022
    Authors: Ryšavý Ondřej, Holkovič Martin, Matoušek Petr, Minařík Pavel, Aleš Šnupárek, Jan Střítežský Detail

2021

  • System for detecting encrypted DNS communication, software, 2021
    Authors: Jeřábek Kamil, Minařík Pavel, Holkovič Martin Detail
Back to top