Analýza šifrovaného provozu založena na kontextové analýze pomocí flow dat

Project Period: 1. 1. 2021 – 31. 12. 2023

Project Type: grant

Code: FW03010099

Agency: Technologická agentura ČR

Program: 3. veřejná soutěž - Program průmyslového výzkumu a experimentálního vývoje TREND, PODPROGRAM 1 – TECHNOLOGIČTÍ LÍDŘI

English title

Context-based Encrypted Traffic Analysis Using Flow Data

Type

grant

Keywords

context-based analysis, NetFlow records relationship, encrypted traffic analysis

Abstract

The goal of the project is to design a new system for threat detection using
contextual NetFlow analysis. This analysis is based on revealing the
relationships between individual network traffic records without the need to
decrypt the traffic to improve the analysis capabilities compared to the
classical approach, which is based on the analysis of only individual records in
isolation. With the new type of analysis, it is possible to identify threats that
are currently hidden due to encryption and, at the same time, provide network
administrators additional information to create an overall picture of the state
of the network, services, or applications used.

Team members

Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS) – research leader
Hranický Radek, Ing., Ph.D. (DIFS)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)