Threat Detection Through Correlation of Network Flows and Logs

Authors

ŠPAČEK Stanislav ČELEDA Pavel

Year of publication 2018
Type Article in Proceedings
Conference Proceedings of the 12th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2018)
MU Faculty or unit

Institute of Computer Science

Citation
Web http://www.aims-conference.org/2018/AIMS-2018-Proceedings.pdf
Keywords intrusion detection; network flows; network logs; encrypted traffic
Attached files
Description A rising amount of mutually interconnected and communicating devices puts increasing demands on cybersecurity operators and their tools. With the rise of end-to-end encryption, it is becoming increasingly difficult to detect threats in network traffic. With such motivation, this Ph.D. proposal aims to find new methods for automatic detection of threats hiding in encrypted channels. The focus of the proposal is on correlating the data still available in the encrypted network flows with the data contained in the logs of network applications. Our research is in the initial phase and will contribute to a Ph.D. thesis in four years.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.

More info