Analýza šifrovaného provozu založena na kontextové analýze pomocí flow dat

context-based analysis, NetFlow records relationship, encrypted traffic analysis

The goal of the project is to design a new system for threat detection using contextual NetFlow analysis. This analysis is based on revealing the relationships between individual network traffic records without the need to decrypt the traffic to improve the analysis capabilities compared to the classical approach, which is based on the analysis of only individual records in isolation. With the new type of analysis, it is possible to identify threats that are currently hidden due to encryption and, at the same time, provide network administrators additional information to create an overall picture of the state of the network, services, or applications used.