Project Details
Encrypted Traffic Analysis Based on Contextual Analysis Using Flow Data
Project Period: 1. 1. 2021 - 31. 12. 2023
Project Type: grant
Code: FW03010099
Agency: Technology Agency of the Czech Republic
Program: 3rd public tender - Programme of industrial research and experimental development TREND, Subprogramme 1 Technological Leaders
Keywords: context-based analysis, NetFlow records relationship, encrypted traffic analysis
The goal of the project is to design a new system for threat detection using contextual NetFlow analysis. This analysis reveals the relationships between individual network traffic records without decrypting the traffic, which improves analysis capabilities compared to the classical approach of analysing individual records in isolation. The new type of analysis makes it possible to identify threats that are currently hidden by encryption and, at the same time, gives network administrators additional information for building an overall picture of the state of the network, services, or applications in use.
Matoušek Petr, doc. Ing., Ph.D., M.A. (UIFS FIT VUT), team leader
Hranický Radek, Ing., Ph.D. (UIFS FIT VUT)
2023
- RADER Roman, JEŘÁBEK Kamil and RYŠAVÝ Ondřej. Detecting DoH-Based Data Exfiltration: FluBot Malware Case Study. In: IEEE 48th Conference on Local Computer Networks (LCN). Daytona Beach: IEEE Computer Society, 2023, pp. 50-54. ISBN 979-8-3503-0074-1.
- JEŘÁBEK Kamil, HYNEK Karel, RYŠAVÝ Ondřej and BURGETOVÁ Ivana. DNS over HTTPS Detection Using Standard Flow Telemetry. IEEE Access, vol. 2023, no. 11, pp. 50000-50012. ISSN 2169-3536.
2023
- A malware detection system based on context analysis, software, 2023
Authors: Ryšavý Ondřej, Holkovič Martin, Matoušek Petr, Minařík Pavel, Aleš Šnupárek, Hojdar Štěpán, Jan Střítežský, Unzeitig Marek
2022
- A system for discovering relationships between network flows (NetFlow/IPFIX), software, 2022
Authors: Ryšavý Ondřej, Holkovič Martin, Matoušek Petr, Minařík Pavel, Aleš Šnupárek, Jan Střítežský
2021
- System for detecting encrypted DNS communication, software, 2021
Authors: Jeřábek Kamil, Minařík Pavel, Holkovič Martin