Thesis Details
Rozšíření NetFlow záznamů pro zlepšení možností klasifikace šifrovaného provozu
Master's thesis deals with selection of attributes proper for classification of encrypted traffic, with the extension of NetFlow entries with these attributes and with creating a tool for classify encrypted TLS traffic. The following attributes were selected: size of packets, inter-packet arrival times, number of packets in flow and size of the flow. Selection of attributes was followed by design of extending NetFlow records with these attributes for classifying encrypted traffic. Extension of records was implemented in language C for exporter of the company Flowmon Networks a.s.. Classifier for collector was implemented in language Python. Classifier is based on a model, for which training data were needed. The exporter contains the classifying algorithm too, the place of the classification can be set. The implementation was followed by creation of testing data and evaluation of the accuracy. The speed of the classifier was tested too. In the best case scenario 47% accuracy was achieved.
Encrypted traffic, NetFlow, classification, network protocols.
Grégr Matěj, Ing., Ph.D. (DIFS FIT BUT), člen
Hrubý Martin, Ing., Ph.D. (DITS FIT BUT), člen
Kekely Lukáš, Ing., Ph.D. (DCSY FIT BUT), člen
Kořenek Jan, doc. Ing., Ph.D. (DCSY FIT BUT), člen
Vojnar Tomáš, prof. Ing., Ph.D. (DITS FIT BUT), člen
@mastersthesis{FITMT23159, author = "Peter \v{S}uhaj", type = "Master's thesis", title = "Roz\v{s}\'{i}\v{r}en\'{i} NetFlow z\'{a}znam\r{u} pro zlep\v{s}en\'{i} mo\v{z}nost\'{i} klasifikace \v{s}ifrovan\'{e}ho provozu", school = "Brno University of Technology, Faculty of Information Technology", year = 2020, location = "Brno, CZ", language = "slovak", url = "https://www.fit.vut.cz/study/thesis/23159/" }