Flow-based Encrypted Traffic Analysis
Program
Strategic Support for the Development of Security Research in the Czech Republic 2019 - 2025 (IMPAKT 1)
Provider
Ministry of Interior
Departments
Investigators
Code
VJ02010024
Period
2022 - 2025
Description
The project researches new methods of effective protection against cyber threats that misuse secured communication for attacks against servers and computers in high-speed networks. Based on available metadata, the project will investigate machine learning methods suitable for determining the characteristics of encrypted network flows and their associated risks. The system will be implemented using a hardware-accelerated traffic monitor and a software prototype for high-speed detection of security incidents, which will be reported to the SIEM tool. In addition, a plug-in for the QRadar system will be developed for incident analysis. The project outcomes will also include reference data sets of network traffic and a system for their collection and annotation.