Using of time characteristic in Netflow data for improvement of protocol detection

• Authors: PISKAČ Pavel; NOVOTNÝ Jiří
• Year of publication: 2010
• Type: R&D Presentation
• MU Faculty or unit: Institute of Computer Science
• Description: Protocol detection is very important for network security applications. This information can be gathered from NetFlow data with method based on port numbers, but port numbers can be changed easily. This work brings an idea how to detect protocols using additional information about gaps between packets, which is different for each protocol. This property allows us to detect one specific situation - dictionary attack on SSH - so far.

Related projects

• CYBER - Security of Czech Army Information and Communication Systems - On-line Monitoring, Visualization and Packet Filtration. Computer Incident Response Capability Development in the Cyber Defence Environment