Ing. Tomáš Čejka, Ph.D.

Publications

Classification of network traffic

Year
2022
Published in
Proceedings of the 10th Prague Embedded Systems Workshop. Praha: CTU. Faculty of Information Technology, 2022. p. 52-58. ISBN 978-80-01-07015-4.
Type
Conference paper
Abstract
This paper describes the context of existing approaches to real-time network flow classification and focuses on the contributions of the author's bachelor's and master's theses. The paper also proposes several research questions that are planned for the future Ph.D. study.

Summary of DNS Over HTTPS Abuse

Authors
Hynek, K.; Vekshin, D.; Luxemburk, J.; Čejka, T.; Wasicek, A.
Year
2022
Published in
IEEE Access. 2022, 2022(10), 54668-54680. ISSN 2169-3536.
Type
Article
Abstract
The Internet Engineering Task Force adopted the DNS over HTTPS protocol in 2018 to remediate privacy issues regarding the plain-text transmission of the DNS protocol. According to our observations and the analysis described in this paper, protecting DNS queries using HTTPS entails security threats. This paper surveys DoH-related research works and analyzes malicious and unwanted activities that leverage DNS over HTTPS and can currently be observed in the wild. Additionally, we describe three real-world abuse scenarios observed in the web environment that reveal how service providers intentionally use DNS over HTTPS to violate policies. Last but not least, we identified several research challenges that we consider important for future security research.

Vision of Active Learning Framework Approach to Network Traffic Analysis Research

Authors
Pešek, J.; Soukup, D.; Čejka, T.
Year
2022
Published in
Proceedings of the 10th Prague Embedded Systems Workshop. Praha: CTU. Faculty of Information Technology, 2022. p. 68-72. ISBN 978-80-01-07015-4.
Type
Conference paper
Abstract
Current research in the network security domain intensively uses machine learning (ML) and artificial intelligence to automate processes and reveal hidden patterns in data. These technologies, however, require many training datasets, ideally of high quality. Additionally, network infrastructures continuously evolve, and thus network traffic dynamically changes over time as well. There is an urgent need to adapt machine learning models, update datasets with the latest samples of annotated network traffic, and retrain the models regularly to sustain feasible performance. The Active Learning Framework (ALF) directly targets these demands and aims to provide a modular platform for scientific experiments and deployment in practice, as well as to support research activities regarding the quality of datasets. This paper particularly describes the ALF software and proposes its possible use cases in research and practice.

Towards Evaluating Quality of Datasets for Network Traffic Domain

Authors
Soukup, D.; Tisovčík, P.; Hynek, K.; Čejka, T.
Year
2021
Published in
Proceedings of the 2021 17th International Conference on Network and Service Management. New York: IEEE, 2021. p. 264-268. ISSN 2165-963X. ISBN 978-3-903176-36-2.
Type
Conference paper
Abstract
This paper deals with the quality of network traffic datasets created to train and validate machine learning classification and detection methods. Naturally, there is a long history of research targeted at data quality; however, it is focused mainly on data consistency, validity, precision, and other metrics, which are insufficient for network traffic use cases. The rise of machine learning usage in network monitoring applications requires a new methodology for evaluating datasets. There is a need to evaluate and compare traffic samples captured under different conditions and to decide the usability of already captured and annotated data. This paper aims to explain a use case of dataset creation, propose definitions regarding the quality of network traffic datasets, and finally, describe a framework for dataset analysis.

Behavior Anomaly Detection in IoT Networks

Authors
Soukup, D.; Čejka, T.; Hynek, K.
Year
2020
Published in
Proceeding of the International Conference on Computer Networks, Big Data and IoT (ICCBI - 2019). Cham: Springer International Publishing, 2020. p. 465-473. Lecture Notes on Data Engineering and Communications Technologies. vol. 49. ISSN 2367-4520. ISBN 978-3-030-43192-1.
Type
Book chapter
Abstract
Data encryption makes deep packet inspection less suitable nowadays, and the need for analyzing encrypted traffic is growing. Machine learning brings new options to recognize the type of communication despite the heterogeneity of encrypted IoT traffic, right at the network edge. We propose the design of a scalable architecture and a method for behavior anomaly detection in IoT networks. The combination of two existing semi-supervised techniques that we used ensures higher reliability of anomaly detection and improves the results achieved by a single method. We describe the classification and anomaly detection experiments made possible by existing datasets and our own training datasets. The presented satisfactory results provide a subject for further work and allow us to elaborate on this idea.

Classification of Network Traffic using Traffic Features

Year
2020
Published in
Proceedings of the 8th Prague Embedded Systems Workshop. Praha: Czech Technical University in Prague, 2020. p. 17-18. ISBN 978-80-01-06772-7.
Type
Conference paper
Abstract
Computer networks are gradually becoming an essential human need. The amount of network traffic and the number of network devices increase every day due to improvements and expansion of network infrastructure. The new trend of smartphones, watches, fridges and, in general, smart homes connects a high number of new devices to a network infrastructure. Therefore, the overall volume of network traffic grows, and networks are also getting more complex, which means they are harder to monitor. The main focus of our presentation is monitoring technology for high-speed networks that is able to analyze and classify network traffic automatically. Traffic classification is an essential functionality for various purposes, such as network security. Identification of types of network traffic is a part of the process of, e.g., forensic analysis. Therefore, an accurate and fast classification algorithm provides valuable information for network operators and security analysts. As a software prototype for our experiments, we use the NEMEA system. We have developed NEMEA modules that contain the classification algorithms. These prototypes allow us to compare different algorithms in an experimental environment with offline data, and the same software module (with the best performance) can also be deployed in production for online analysis.

DoH detection: Discovering hidden DNS

Authors
Hynek, K.; Čejka, T.; Vekshin, D.
Year
2020
Published in
Proceedings of the 8th Prague Embedded Systems Workshop. Praha: Czech Technical University in Prague, 2020. p. 14-16. ISBN 978-80-01-06772-7.
Type
Conference paper
Abstract
The necessity of securing users' privacy on the Internet has given rise to a new protocol called DNS over HTTPS (DoH). It aims to replace traditional DNS for domain name translation, with encryption as a benefit. Unfortunately, the laudable attempt to increase the privacy of users also brings some security threats. Readable information from DNS is one of the most essential data sources in computer security, especially for security forensic analysis. The DNS queries in the network can reveal malicious activity in the network, like the presence of malware, botnet communication, and also data exfiltration. Thus, network administrators might want to block encrypted DoH in their network; however, the currently available approaches are based on lists of IP addresses of well-known DoH providers/resolvers. This way of detection can be easily bypassed by using one's own private or not generally known DoH resolver. Since the presence of DoH communication might also indicate some malicious activity or at least a policy violation, we decided to find a possible way to detect DoH based on traffic behavior. This research aims to recognize DoH from extended IP flow data by machine learning, regardless of IP addresses.

Evaluating Bad Hosts Using Adaptive Blacklist Filter

Authors
Hynek, K.; Čejka, T.; Žádník, M.; Kubátová, H.
Year
2020
Published in
Proceedings of the 9th Mediterranean Conference on Embedded Computing - MECO'2020. Institute of Electrical and Electronics Engineers, Inc., 2020. p. 306-310. ISSN 2637-9511. ISBN 978-1-7281-6949-1.
Type
Conference paper
Abstract
Publicly available blacklists are popular tools to capture and spread information about misbehaving entities on the Internet. In some cases, their straightforward utilization leads to many false positives. In this work, we propose a system that combines blacklists with network flow data while introducing automated evaluation techniques to avoid reporting unreliable alerts. The core of the system is formed by an Adaptive Filter together with an Evaluator module. The assessment of the system was performed on data obtained from a national backbone network. The results show the contribution of such a system to the reduction of unreliable alerts.

QoD: Ideas about Evaluating Quality of Datasets

Authors
Soukup, D.; Hynek, K.; Čejka, T.
Year
2020
Published in
Proceedings of the 8th Prague Embedded Systems Workshop. Praha: Czech Technical University in Prague, 2020. p. 8-9. ISBN 978-80-01-06772-7.
Type
Conference paper
Abstract
The importance of computer networks is rising every year. The reason is that we are connecting more and more devices and applications, and our daily routines depend on connectivity. On the other hand, this is a great potential for attackers. They can hide their activities in a complex network environment and steal valuable data. Without a solid dataset, our evaluation score misrepresents the real score in a production environment, and, therefore, proper datasets have an essential role in the research and development of any ML-based classifier or detector. The main motivation for this paper is to find a way to evaluate the quality of any dataset to estimate whether it is good enough for ML experiments. To the best of our knowledge, there are only a few studies focused on quality evaluation of datasets with network traffic. For experiments, we selected datasets about DNS over HTTPS (DoH) detection and URL classification problems that are already being elaborated. All metrics are calculated at the dataset level. The impact of these metrics is evaluated on a Random Forest (RF) model. We show the results we have discovered in our datasets and ML detection modules. Eventually, we discuss possible next steps in this research.

Refined detection of SSH brute-force attackers using machine learning

Authors
Hynek, K.; Beneš, T.; Čejka, T.; Kubátová, H.
Year
2020
Published in
ICT Systems Security and Privacy Protection. Cham: Springer, 2020. p. 49-63. IFIP Advances in Information and Communication Technology. vol. 580. ISSN 1868-4238. ISBN 978-3-030-58200-5.
Type
Conference paper
Abstract
This paper presents a novel approach to detect SSH brute-force (BF) attacks in high-speed networks. Contrary to host-based approaches, we focus on network traffic analysis to identify attackers. Recent papers describe how to detect BF attacks using pure NetFlow data. However, our evaluation shows significant false-positive (FP) results of the current solution. To overcome the issue of a high FP rate, we propose a machine learning (ML) approach to detection using specially extended IP Flows. The contributions of this paper are a new dataset from a real environment, an experimentally selected ML method that performs with high accuracy and a low FP rate, and an architecture of the detection system. The dataset for training was created using extensive evaluation of captured real traffic, manually prepared legitimate SSH traffic with characteristics similar to BF attacks, and, finally, a packet trace with SSH logs from real production servers.

The next step of P4 FPGA architectures: External Memories

Authors
Beneš, T.; Čejka, T.; Kubátová, H.
Year
2020
Published in
Proceedings of the 8th Prague Embedded Systems Workshop. Praha: Czech Technical University in Prague, 2020. p. 5-7. ISBN 978-80-01-06772-7.
Type
Conference paper
Abstract
P4 is a recent feasible technology that helps to make a modern infrastructure flexible and ready for changes. Software solutions are available, but not efficient enough for high-throughput and low-latency applications. Therefore, hardware acceleration is commonly used. This paper discusses caveats of currently existing approaches, mainly focused on FPGAs, which are flexible but resource-limited. Our aim is to propose an extension of the standard P4 architecture to support external memory and to explain a possible approach to overcome the issues.

Future approaches to monitoring in high-speed backbone networks

Authors
Hynek, K.; Beneš, T.; Čejka, T.; Kubátová, H.
Year
2019
Published in
Proceedings of the 7th Prague Embedded Systems Workshop. Praha: ČVUT FIT, Katedra číslicového návrhu, 2019. p. 27-28. ISBN 978-80-01-06607-2.
Type
Conference paper
Abstract
Network monitoring features have always been a challenge in high-speed networks. Some of them, like detailed traffic analysis and packet inspection, are not suited or simply not feasible even on modern hardware. The challenges are becoming even greater with the rise of encrypted traffic. This leaves a large opportunity for threat actors to take advantage of. Therefore, it is necessary to develop a new generation of monitoring tools that can deal with the current issues for security purposes. This research aims to improve traffic analysis techniques to handle encrypted traffic, and also to adapt hardware-accelerated monitoring components for processing.

L7 capable flow exporter described in P4

Authors
Havránek, J.; Čejka, T.; Benáček, P.
Year
2019
Published in
Proceedings of the 7th Prague Embedded Systems Workshop. Praha: ČVUT FIT, Katedra číslicového návrhu, 2019. p. 29-32. ISBN 978-80-01-06607-2.
Type
Conference paper
Abstract
Current flow exporters are the essential source of information for monitoring systems. They usually create aggregated information as flow data and, additionally, it is possible to extract headers from higher-layer protocols (L7). Due to requirements on high throughput, the flow exporters use hardware acceleration to handle a high packet rate at link speed (aiming at least at 100 Gb/s). However, a manually created design of such high-performance devices is very complex and complicated. Therefore, we propose to use the high-level P4 language for the description of a network traffic processing device that will be capable of handling L7 information. As our recent works show, it is possible to generate a high-performance firmware design automatically based on a P4 description. Since P4 is not primarily intended for processing L7 data, this paper proposes a feasible way to overcome the limits of P4.

Augmented DDoS Mitigation with Reputation Scores

Authors
Jánský, T.; Čejka, T.; Žádník, M.; Bartoš, V.
Year
2018
Published in
Proceedings of the 13th International Conference on Availability, Reliability and Security. New York: ACM, 2018. ARES 2018. ISBN 978-1-4503-6448-5.
Type
Conference paper
Abstract
Network attacks, especially DoS and DDoS attacks, are a significant threat for all providers of services or infrastructure. The biggest attacks can paralyze even the large-scale infrastructures of worldwide companies. Attack mitigation is a complex issue studied by many researchers and security companies. While several approaches have been proposed, there is still space for improvement. This paper proposes to augment an existing mitigation heuristic with knowledge of the reputation scores of network entities. The aim is to find a way to mitigate malicious traffic present in DDoS amplification attacks with minimal disruption to the communication of legitimate traffic.

P4-To-VHDL: Automatic generation of high-speed input and output network blocks

Authors
Benáček, P.; Puš, V.P.; Kubátová, H.; Čejka, T.
Year
2018
Published in
Microprocessors and Microsystems. 2018, 56 22-33. ISSN 0141-9331.
Type
Article
Abstract
High-performance embedded architectures typically contain many stand-alone blocks which communicate and exchange data; additionally, a high-speed network interface is usually needed at the boundary of the system. Software-based data processing is typically slow, which leads to a need for hardware-accelerated approaches. The problem gets harder if the supported protocol stack is rapidly changing. Such a problem can be effectively solved by Field Programmable Gate Arrays and high-level synthesis, which together provide a high degree of generality. This approach has several advantages, such as fast development or the possibility of opening the area of packet-oriented communication to domain-oriented experts. However, the typical disadvantage of this approach is the insufficient performance of the system generated from a high-level description. This can be a serious problem in the case of a system which is required to process data at high packet rates. This work presents a generator of high-speed input (Parser) and output (Deparser) network blocks from the P4 language, which is designed for the description of modern packet processing devices. The tool converts a P4 description to synthesizable VHDL code suitable for FPGA implementation. We present the design, analysis and experimental results of our generator. Our results show that the generated circuits are able to process 100 Gbps traffic with a fairly complex protocol structure at line rate on a Xilinx Virtex-7 XCVH580T FPGA. The approach can be used not only in networking devices but also in other applications, like packet processing engines in embedded cores, because the P4 language is device- and protocol-independent.

Gateway for IoT Security

Authors
Čejka, T.; Švepeš, M.; Viktorin, J.
Year
2017
Published in
Proceedings of the 5th Prague Embedded Systems Workshop. Praha: katedra číslicového návrhu, 2017. ISBN 978-80-01-06178-7.
Type
Conference paper
Abstract
In recent years, many devices and systems containing electronics have been equipped with communication interfaces, which has allowed people to read data from them and control the functionality of the devices remotely. Using the communication interfaces, it became possible to let devices communicate with each other without human interaction. The current state of the art calls this phenomenon the Internet of Things (IoT). This kind of automation helps people to improve their lives, and therefore in many cases people can become dependent on the devices. In some cases, the security of the devices and their communication is crucial. Unfortunately, as some of the manufacturers focus on low price, many devices and technologies are not secured enough. There is a research project called Secure Gateway for Internet of Things (SIoT) with several participants from Czech academic institutions. The main goal of the project is a gateway based on open source technologies for the secure deployment and operation of IoT devices.

Preserving Relations in Parallel Flow Data Processing

Authors
Čejka, T.; Žádník, M.
Year
2017
Published in
Security of Networks and Services in an All-Connected World. Basel: Springer, 2017. p. 153-156. ISSN 0302-9743. ISBN 978-3-319-60773-3.
Type
Conference paper
Abstract
Network monitoring produces a high volume of data that must be analyzed, ideally in near real-time, to support network security operations. It is possible to process the data using Big Data frameworks; however, such an approach requires adaptation or a complete redesign of the processing tools to get the same results. This paper elaborates on parallel processing based on splitting a stream of flow records. The goal is to create subsets of traffic that contain enough information for parallel anomaly detection. The paper describes a methodology based on so-called witnesses that helps to scale up without any need to modify existing algorithms.

NEMEA: A Framework for Network Traffic Analysis

Authors
Čejka, T.; Bartoš, V.; Švepeš, M.; Rosa, Z.; Kubátová, H.
Year
2016
Published in
12th International Conference on Network and Service Management. Montreal: IEEE, 2016. p. 195-201. ISSN 2165-963X. ISBN 978-3-901882-85-2.
Type
Conference paper
Abstract
As network attacks become more sophisticated, it is difficult to discover them using traditional analysis tools. For some kinds of attacks, it is necessary to analyze Application Layer (L7) information in order to detect them. However, there is a lack of existing tools capable of L7 processing and manipulation. Therefore, we propose a flow-based modular Network Measurements Analysis (NEMEA) system to overcome the situation. NEMEA is designed with respect to a stream-wise concept, i.e. data are analyzed continuously in memory with minimal data storage. NEMEA is developed as an open-source project and is publicly available to the worldwide community. It is designed for both experimental and operational use. It is able to process off-line traffic traces as well as live network flows. The system is very flexible and can be easily extended by new modules. The modules are developed within the NEMEA framework, which is a key component of the project. NEMEA thus represents a unified platform for research and development of new traffic analysis methods. It covers several important topics not limited to analysis and detection. Some of them are described in this paper. Originally, NEMEA was developed for the purposes of the Czech National Research and Education Network operator. Therefore, it is focused on handling high-speed network traffic with links working at 100 Gbps.

Nemea: Searching for Botnet Footprints

Authors
Year
2015
Published in
Proceedings of the 3rd Prague Embedded Systems Workshop. Praha: ČVUT FIT, Katedra číslicového návrhu, 2015. pp. 11-16. ISBN 978-80-01-05776-6.
Type
Conference paper
Abstract
Malicious network traffic originating from malware poses a serious threat. Current malware is designed to hide itself from the eyes of victim users as well as network administrators. It is very difficult or impossible to discover such traffic using traditional ways of flow-based monitoring. This paper describes a network traffic analysis of a backbone network as an attempt to discover infected devices. Cooperation with a forensic laboratory and analysis of malware samples allowed us to gain information that can lead to finding unwanted traffic. A specially tailored Nemea framework with a high-speed monitoring pipeline was used to discover infected devices on the network.

Using Application-Aware Flow Monitoring for SIP Fraud Detection

Authors
Čejka, T.; Bartoš, V.; Truxa, L.; Kubátová, H.
Year
2015
Published in
Intelligent Mechanisms for Network Configuration and Security. Cham: Springer International Publishing, 2015. p. 87-99. ISSN 0302-9743. ISBN 978-3-319-20033-0.
Type
Conference paper
Abstract
Flow monitoring helps to discover many network security threats targeted at various applications or network protocols. In this paper, we show the usage of flow data for the analysis of Voice over IP (VoIP) traffic and threat detection. A traditionally used flow record is insufficient for this purpose, and therefore it was extended by application-layer information. In particular, we focus on the Session Initiation Protocol (SIP) and a type of toll fraud in which an attacker tries to exploit the poor configuration of a private branch exchange (PBX). The attacker's motivation is to make unauthorized calls to PSTN numbers that are usually charged at high rates and owned by the attacker. As a result, a successful attack can cause a significant financial loss to the owner of the PBX. We propose a method for stream-wise and near real-time analysis of SIP traffic and detection of the described threat. The method was implemented as a module of the Nemea system and deployed on a backbone network. It was evaluated using simulated as well as real attacks.

Change-point detection method on 100 Gb/s ethernet interface

Authors
Benáček, P.; Blažek, R.; Čejka, T.; Kubátová, H.
Year
2014
Published in
Architectures for Networking and Communications Systems (ANCS), 2014 ACM/IEEE Symposium on. New York: ACM, 2014. p. 245-246. ISBN 978-1-4503-2839-5.
Type
Conference paper
Abstract
This paper deals with hardware acceleration of statistical methods for the detection of anomalies on 100 Gb/s Ethernet. The approach is demonstrated by implementing a sequential Non-Parametric Cumulative Sum (NP-CUSUM) procedure. We use high-level synthesis in combination with the emerging software defined monitoring (SDM) methodology for rapid development of FPGA-based hardware-accelerated network monitoring applications. The implemented method offloads the detection of network attacks and anomalies directly into an FPGA chip. The parallel nature of FPGAs allows for simultaneous detection of various kinds of anomalies. Our results show that hardware acceleration of statistical methods using the SDM concept with high-level synthesis from C/C++ is possible and very promising for traffic analysis and anomaly detection in high-speed 100 Gb/s networks.

FPGA Accelerated Change-Point Detection Method for 100 Gb/s Networks

Authors
Čejka, T.; Kekely, L.; Benáček, P.; Blažek, R.; Kubátová, H.
Year
2014
Published in
MEMICS proceedings. Brno: NOVPRESS, 2014. pp. 40-51. ISBN 978-80-214-5022-6.
Type
Conference paper
Abstract
The aim of this paper is a hardware realization of a statistical anomaly detection method as a part of a high-speed monitoring probe for computer networks. The sequential Non-Parametric Cumulative Sum (NP-CUSUM) procedure is the detection method of our choice, and we use an FPGA-based accelerator card as the target platform. For rapid detection algorithm development, a high-level synthesis (HLS) approach is applied. Furthermore, we combine HLS with the usage of the Software Defined Monitoring (SDM) framework on the monitoring probe, which enables easy deployment of various hardware-accelerated monitoring applications into high-speed networks. Our implementation of the NP-CUSUM algorithm serves as a hardware plug-in for SDM and realizes the detection of network attacks and anomalies directly in the FPGA. Additionally, the parallel nature of FPGA technology allows us to realize multiple different detections simultaneously without any losses in throughput. Our experimental results show the feasibility of the HLS and SDM combination for effective realization of traffic analysis and anomaly detection in networks with speeds up to 100 Gb/s.

Stream-wise Detection of Surreptitious Traffic over DNS

Authors
Year
2014
Published in
2014 IEEE 19th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD) (CAMAD 2014). Pomona, California: IEEE Communications Society, 2014. p. 300-304. ISSN 2378-4865. ISBN 978-1-4799-5725-5.
Type
Conference paper
Abstract
The Domain Name System (DNS) is one of the crucial services in a computer network. Because of its importance, DNS is usually allowed in security policies. That opens a way to break policies and to transfer data from/to a restricted area through misuse of the DNS infrastructure. This paper is focused on the detection of communication tunnels and other anomalies in DNS traffic. The proposed detection module is designed to process a huge volume of data and to detect anomalies in near real-time. It is based on a combination of statistical analysis of several observed features, including application-layer information. Our aim is stream-wise processing of a huge volume of DNS data from backbone networks. To achieve these objectives with minimal resource consumption, the detection module uses efficient extended data structures. The performance evaluation has shown that the detector is able to process approximately 511 thousand DNS flow records per second. In addition, according to experiments, a tunnel that lasts over 30 seconds can be detected within a minute. During on-line testing on real traffic from a production network, the module signaled on average over 60 confirmed alerts, including DNS tunnels, per day.

A System for Anomaly Detection in Computer Networks (Systém pro detekci anomálií v počítačových sítích)

Authors
Year
2013
Published in
Počítačové architektury a diagnostika - PAD 2013. Plzeň: Západočeská universita, Fakulta aplikovaných věd, 2013, pp. 51-56. ISBN 978-80-261-0270-0.
Type
Conference paper
Abstract
This work deals with the NEMEA system for network flow analysis and anomaly detection in computer networks. It is a distributed modular system under development that can serve for comparing existing detection methods as well as for easier development and testing of new detection methods. In this context, an anomaly means a state in which the quality of services is degraded or a security incident occurs (or both). Such states need to be detected as soon as possible and reported to the system or network operators. The proposed distributed system must provide timely detection using detection methods implemented as pluggable modules that pass data between each other. To achieve a minimal average detection delay and false alarm rate, the parameters of some methods have to be set appropriately. Designing a mechanism for automatic estimation of the optimal parameter values is one of the visions of my dissertation.

Hardware-Accelerated Anomaly Detection in Computer Networks Using FPGA (Hardwarově akcelerovaná detekce anomálií v počítačových sítích s využitím FPGA)

Authors
Year
2012
Published in
Počítačové architektury a diagnostika - PAD 2012. Praha: ČVUT v Praze, 2012, pp. 13-16. ISBN 978-80-01-05106-1.
Type
Conference paper
Abstract
This contribution explains the topic of the dissertation and its motivation. The goal should be a study of a methodology that makes the functionality of existing methods for anomaly detection in computer networks more efficient, including our own reference implementation using an FPGA on a COMBO card. This principle should be usable for deployment on large high-speed computer networks, where high reliability and availability are required. It is therefore necessary to monitor the state of such networks and to detect possible anomalies in real time with the lowest possible rate of false alarms and a low average detection time.