Project Details

Analýza šifrovaného provozu pomocí síťových toků

Project Period: 1. 1. 2022 - 30. 6. 2025

Project Type: grant

Code: VJ02010024

Agency: Ministry of Interior of the Czech Republic

Program: Strategická podpora rozvoje bezpečnostního výzkumu ČR 20192025 (IMPAKT 1) PODPROGRAMU 1 SPOLEČNÉ VÝZKUMNÉ PROJEKTY (BV IMP1/2VS)

English title
Flow-based Encrypted Traffic Analysis
Type
grant
Keywords

cyber security, network traffic monitoring, threat detection, SIEM, network flows, encrypted communication

Abstract

The project focuses on the research of new methods of effective protection against cyber threats that misuse secured communication for compromise attacks such as servers and computers in the environment of high-speed networks. Machine learning methods suitable for determining the characteristics of the encrypted network flows and associated risks only from available metadata will be investigated. The system will be implemented using a hardware-accelerated traffic monitor and a software prototype for high-speed detection of security incidents and their reporting to the SIEM tool. Further, the incident analysis module in the form of a plug-in to the QRadar system will be developed. Additionally, the project outcomes will also include reference data sets of network traffic and a system for their collection and annotation.

Team members
Ryšavý Ondřej, doc. Ing., Ph.D. (UIFS FIT VUT) , research leader
Čiháková Lucie, Ing. (VCIT FIT VUT)
Foltová Jana, Mgr. (UPSY FIT VUT)
Fukač Tomáš, Ing. (UPSY FIT VUT)
Gaďorek Petr, Ing. (CVT FIT VUT)
Horák Adam, Ing. (UIFS FIT VUT)
Hranický Radek, Ing., Ph.D. (UIFS FIT VUT)
Hynek Jiří, Ing., Ph.D. (UIFS FIT VUT)
Jeřábek Kamil, Ing., Ph.D. (UIFS FIT VUT)
Korček Pavol, Ing., Ph.D. (UPSY FIT VUT)
Košař Vlastimil, Ing., Ph.D. (UPSY FIT VUT)
Lichtner Ondrej, Ing. (UIFS FIT VUT)
Martínek Tomáš, doc. Ing., Ph.D. (UPSY FIT VUT)
Matoušek Petr, doc. Ing., Ph.D., M.A. (UIFS FIT VUT)
Polišenský Jan, Bc. (UIFS FIT VUT)
Šmolová Martina, Ing. (VCIT FIT VUT)
Publications

2024

  • MATOUŠEK Petr, RYŠAVÝ Ondřej and BURGETOVÁ Ivana. Experience Report: Using JA4+ Fingerprints for Malware Detection in Encrypted Traffic. In: Proceedings of 20th International Conference on Network and Service Management. Prague, 2024, pp. 1-5. Detail
  • HRANICKÝ Radek, HORÁK Adam, POLIŠENSKÝ Jan, JEŘÁBEK Kamil and RYŠAVÝ Ondřej. Unmasking the Phishermen: Phishing Domain Detection with Machine Learning and Multi-Source Intelligence. In: Proceedings of IEEE/IFIP Network Operations and Management Symposium 2024. Soul: Institute of Electrical and Electronics Engineers, 2024, pp. 1-5. ISBN 979-8-3503-2794-6. Detail

2023

  • KOŠAŘ Vlastimil, ŠIŠMIŠ Lukáš, MATOUŠEK Jiří and KOŘENEK Jan. Accelerating IDS Using TLS Pre-Filter in FPGA. In: Proceedings - IEEE Symposium on Computers and Communications. Tunis: IEEE Computer Society, 2023, pp. 436-442. ISBN 979-8-3503-0048-2. Detail
  • JEŘÁBEK Kamil, RYŠAVÝ Ondřej and BURGETOVÁ Ivana. Analysis of Well-Known DNS over HTTPS Resolvers. In: 2023 IEEE 13th Annual Computing and Communication Workshop and Conference (CCWC). Las Vegas, 2023, pp. 516-524. ISBN 979-8-3503-3286-5. Detail
  • JEŘÁBEK Kamil, HYNEK Karel, RYŠAVÝ Ondřej and BURGETOVÁ Ivana. DNS over HTTPS Detection Using Standard Flow Telemetry. IEEE Access, vol. 2023, no. 11, pp. 50000-50012. ISSN 2169-3536. Detail
Products

2023

  • Architectures and software for high-speed network traffic processing, software, 2023
    Authors: Cabal Jakub, Matoušek Jiří, Špinler Martin, Košař Vlastimil, Fukač Tomáš, Gurka Oliver, Šišmiš Lukáš, Martínek Tomáš, Kořenek Jan Detail
  • The collection of classification modules detecting security threats, software, 2023
    Authors: Plný Richard, Luxemburk Jan, Hynek Karel, Čejka Tomáš, Šiška Pavel, Koumar Josef, Jeřábek Kamil Detail
Back to top