Ing. Matej Hulák

Projects

Flow-based Encrypted Traffic Analysis

Program
Strategická podpora rozvoje bezpečnostního výzkumu ČR 2019 - 2025 (IMPAKT 1)
Provider
Ministry of Interior
Code
VJ02010024
Period
2022 - 2025
Description
The project researches new methods for effectively protecting servers and computers in high-speed networks against cyber threats that abuse encrypted communication to mount attacks. Based on the available metadata, the project will investigate machine learning methods suitable for determining the characteristics of encrypted network flows and the risks associated with them. The system will be implemented as a hardware-accelerated traffic monitor together with a software prototype for high-speed detection of security incidents, which will be reported to a SIEM tool. In addition, a plug-in for the QRadar system will be developed to support incident analysis. The project outcomes will also include reference data sets of network traffic and a system for collecting and annotating them.

Traffic monitoring in high-speed networks using artificial intelligence

Program
Studentská grantová soutěž ČVUT
Code
SGS23/207/OHK3/3T/18
Period
2023 - 2025
Description
Artificial intelligence and machine learning are beginning to penetrate many application domains, increasing automation and deriving information from large amounts of data. The natural evolution of computer networks leads to increased complexity, diversity, and massive use of encrypted protocols. This trend complicates monitoring, because encryption reduces visibility into traffic. In addition, the variety of protocols complicates the processing performed by monitoring systems. Existing monitoring and security analysis tools need to be extended to address these new characteristics of network traffic, and machine learning offers technologies and practices for doing so. In the project, we plan to develop and use advanced tools for creating IP flows enriched with vectors of flags and statistics intended for machine learning. We plan to use the resulting extended IP flows for creating datasets, classifying traffic, and detecting security threats. The developed classification and detection algorithms will be examined, among other perspectives, from the point of view of time series derived from network traffic. An essential part of the planned research is the analysis and automatic evaluation of the data sets created from network traffic.