Enriching DNS Flows with Host-Based Events to Bypass Future Protocol Encryption

The result's identifiers

  • Result code in IS VaVaI

    RIV/00216224:14610/21:00121835 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F21%3A00121835)

  • Result on the web

    https://doi.org/10.1007/978-3-030-78120-0_20

  • DOI - Digital Object Identifier

    10.1007/978-3-030-78120-0_20 (http://dx.doi.org/10.1007/978-3-030-78120-0_20)

Alternative languages

  • Result language

    English

  • Original language name

    Enriching DNS Flows with Host-Based Events to Bypass Future Protocol Encryption

  • Original language description

    Monitoring of host-based events and network flows are the two most common techniques for collecting and analyzing cybersecurity data. However, events and flows are either monitored separately or correlated as alerts in higher aggregated forms. The event-flow correlation on the monitoring level would match related events and flows together and enable observing both data in near real-time. This approach allows substituting application-level flow information that will not be available due to encryption, which is being employed in a number of communication protocols. In this paper, we performed the event-flow correlation of the DNS protocol. We developed a general model that describes the relation between events and flows to enable an accurate time-based correlation where parameter-based correlation is not feasible. Based on the model, we designed three event-flow correlation methods based on common parameters and times of occurrence. We evaluated the correlation methods using a recent and public dataset, both with and without the extended flow information, to simulate DNS flow encryption. The results of the method combining parameter-based and time-based matching show that matching related DNS events to flows is possible and substitutes the data that might soon be lost in encryption.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10200 - Computer and information sciences

Result continuities

  • Project

  • Continuities

    S - Specific research at universities

Others

  • Publication year

    2021

  • Confidentiality

    S - Complete and truthful data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    ICT Systems Security and Privacy Protection

  • ISBN

    9783030781194

  • ISSN

    1868-4238

  • e-ISSN

    1868-422X

  • Number of pages

    15

  • Pages from-to

    302-316

  • Publisher name

    Springer

  • Place of publication

    Oslo

  • Event location

    Oslo

  • Event date

    Jan 1, 2021

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article