Project Details
Analýza šifrovaného provozu pomocí síťových toků
Project Period: 1. 1. 2022 – 30. 6. 2025
Project Type: grant
Code: VJ02010024
Agency: Ministerstvo vnitra ČR
cyber security, network traffic monitoring, threat detection, SIEM, network
flows, encrypted communication
The project focuses on the research of new methods of effective protection
against cyber threats that misuse secured communication for compromise attacks
such as servers and computers in the environment of high-speed networks. Machine
learning methods suitable for determining the characteristics of the encrypted
network flows and associated risks only from available metadata will be
investigated. The system will be implemented using a hardware-accelerated traffic
monitor and a software prototype for high-speed detection of security incidents
and their reporting to the SIEM tool. Further, the incident analysis module in
the form of a plug-in to the QRadar system will be developed. Additionally, the
project outcomes will also include reference data sets of network traffic and
a system for their collection and annotation.
Čiháková Lucie, Ing. (RCIT)
Foltová Jana, Mgr.
Fukač Tomáš, Ing., Ph.D. (DCSY)
Gaďorek Petr, Ing. (DFIT-ISD)
Horák Adam, Ing. (DIFS)
Hranický Radek, Ing., Ph.D. (DIFS)
Hynek Jiří, Ing., Ph.D. (DIFS)
Jeřábek Kamil, Ing., Ph.D. (DIFS)
Korček Pavol, Ing., Ph.D. (DCSY)
Košař Vlastimil, Ing., Ph.D. (DCSY)
Lichtner Ondrej, Ing. (DIFS)
Martínek Tomáš, doc. Ing., Ph.D. (DCSY)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)
Polišenský Jan, Bc. (DIFS)
Šmolová Martina, Ing. (RCIT)
2024
- BURGETOVÁ, I.; MATOUŠEK, P.; RYŠAVÝ, O. Towards Identification of Network Applications in Encrypted Traffic. The Proceedings of the 8th Cyber Security in Networking Conference (CSNet 2024). IEEE Explore. Paris: IEEE Communications Society, 2024.
p. 213-221. ISBN: 979-8-3315-3410-3. Detail - HRANICKÝ, R.; HORÁK, A.; POLIŠENSKÝ, J.; JEŘÁBEK, K.; RYŠAVÝ, O. Unmasking the Phishermen: Phishing Domain Detection with Machine Learning and Multi-Source Intelligence. In Proceedings of IEEE/IFIP Network Operations and Management Symposium 2024. Soul: Institute of Electrical and Electronics Engineers, 2024.
p. 1-5. ISBN: 979-8-3503-2794-6. Detail - HRANICKÝ, R.; HORÁK, A.; POLIŠENSKÝ, J.; ONDRYÁŠ, O.; JEŘÁBEK, K.; RYŠAVÝ, O. Spotting the Hook: Leveraging Domain Data for Advanced Phishing Detection. In 2024 10th International Conference on Network and Service Management (CNSM). Praha: Institute of Electrical and Electronics Engineers, 2024.
p. 1-7. ISBN: 978-3-903176-66-9. Detail - JEŘÁBEK, K.; HYNEK, K.; RYŠAVÝ, O. Comparative Analysis of DNS over HTTPS Detectors. Computer Networks, 2024, vol. 2024, no. 247,
p. 110452-110465. ISSN: 1872-7069. Detail - MARTÍNEK, T.; KOŘENEK, J.; ČEJKA, T. LGBM2VHDL: Mapping of LightGBM Models to FPGA. In 2024 IEEE 32nd Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM). Orlando, FL: IEEE Computer Society, 2024.
p. 97-103. ISBN: 979-8-3503-7243-4. Detail - MATOUŠEK, P.; RYŠAVÝ, O.; BURGETOVÁ, I. Experience Report: Using JA4+ Fingerprints for Malware Detection in Encrypted Traffic. In Proceedings of 20th International Conference on Network and Service Management. Prague: 2024.
p. 1-5. Detail
2023
- JEŘÁBEK, K.; HYNEK, K.; RYŠAVÝ, O.; BURGETOVÁ, I. DNS over HTTPS Detection Using Standard Flow Telemetry. IEEE Access, 2023, vol. 2023, no. 11,
p. 50000-50012. ISSN: 2169-3536. Detail - JEŘÁBEK, K.; RYŠAVÝ, O.; BURGETOVÁ, I. Analysis of Well-Known DNS over HTTPS Resolvers. In 2023 IEEE 13th Annual Computing and Communication Workshop and Conference (CCWC). Las Vegas: 2023.
p. 516-524. ISBN: 979-8-3503-3286-5. Detail - KOŠAŘ, V.; ŠIŠMIŠ, L.; MATOUŠEK, J.; KOŘENEK, J. Accelerating IDS Using TLS Pre-Filter in FPGA. In Proceedings - IEEE Symposium on Computers and Communications. Tunis: IEEE Computer Society, 2023.
p. 436-442. ISBN: 979-8-3503-0048-2. Detail - POLIAKOV, D.; HYNEK, K.; ČEJKA, T.; KOLÁŘ, D. BOTA: Explainable IoT Malware Detection in Large Networks. IEEE Internet of Things Journal, 2023, vol. 10, no. 10,
p. 8416-8431. ISSN: 2327-4662. Detail