Project Details

Analýza šifrovaného provozu pomocí síťových toků

Project Period: 1. 1. 2022 – 30. 6. 2025

Project Type: grant

Code: VJ02010024

Agency: Ministerstvo vnitra ČR

Program: Strategická podpora rozvoje bezpečnostního výzkumu ČR 2019–2025 (IMPAKT 1) PODPROGRAMU 1 SPOLEČNÉ VÝZKUMNÉ PROJEKTY (BV IMP1/2VS)

English title
Flow-based Encrypted Traffic Analysis
Type
grant
Keywords

cyber security, network traffic monitoring, threat detection, SIEM, network flows, encrypted communication

Abstract

The project focuses on the research of new methods of effective protection against cyber threats that misuse secured communication for compromise attacks such as servers and computers in the environment of high-speed networks. Machine learning methods suitable for determining the characteristics of the encrypted network flows and associated risks only from available metadata will be investigated. The system will be implemented using a hardware-accelerated traffic monitor and a software prototype for high-speed detection of security incidents and their reporting to the SIEM tool. Further, the incident analysis module in the form of a plug-in to the QRadar system will be developed. Additionally, the project outcomes will also include reference data sets of network traffic and a system for their collection and annotation.

Team members
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS) – research leader
Hranický Radek, Ing., Ph.D. (DIFS)
Hynek Jiří, Ing., Ph.D. (DIFS)
Jeřábek Kamil, Ing., Ph.D. (DIFS)
Martínek Tomáš, doc. Ing., Ph.D. (DCSY)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)
Publications

2024

  • MATOUŠEK, P.; RYŠAVÝ, O.; BURGETOVÁ, I. Experience Report: Using JA4+ Fingerprints for Malware Detection in Encrypted Traffic. 2024. p. 0-0. Detail

2023

  • JEŘÁBEK, K.; HYNEK, K.; RYŠAVÝ, O.; BURGETOVÁ, I. DNS over HTTPS Detection Using Standard Flow Telemetry. IEEE Access, 2023, vol. 2023, no. 11, p. 50000-50012. ISSN: 2169-3536. Detail
  • JEŘÁBEK, K.; RYŠAVÝ, O.; BURGETOVÁ, I. Analysis of Well-Known DNS over HTTPS Resolvers. In 2023 IEEE 13th Annual Computing and Communication Workshop and Conference (CCWC). Las Vegas: 2023. p. 516-524. ISBN: 979-8-3503-3286-5. Detail
  • KOŠAŘ, V.; ŠIŠMIŠ, L.; MATOUŠEK, J.; KOŘENEK, J. Accelerating IDS Using TLS Pre-Filter in FPGA. In Proceedings - IEEE Symposium on Computers and Communications. Tunis: IEEE Computer Society, 2023. p. 436-442. ISBN: 979-8-3503-0048-2. Detail
Back to top