All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Efficient Extraction of Network Event Types from NetFlows

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F19%3A00328141" target="_blank" >RIV/68407700:21230/19:00328141 - isvavai.cz</a>

  • Result on the web

    <a href="https://doi.org/10.1155/2019/8954914" target="_blank" >https://doi.org/10.1155/2019/8954914</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1155/2019/8954914" target="_blank" >10.1155/2019/8954914</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Efficient Extraction of Network Event Types from NetFlows

  • Original language description

    To perform sophisticated traffic analysis, such as intrusion detection, network monitoring tools firstly need to extract higher-level information from lower-level data by reconstructing events and activities from as primitive information as individual network packets or traffic flows. Aggregating communication data into meaningful entities is an open problem and existing, typically clustering-based, solutions are often highly suboptimal, producing results that may misinterpret the extracted information and consequently miss many network events. We propose a novel method for the extraction of various predefined types of network events from raw network flow data. The new method is based on analysis of computational properties of the event types as prescribed by their attributes in a given descriptive language. The corresponding events are then extracted with a supreme recall as compared to a respective event extraction part of an in-production intrusion detection system Camnep.

  • Czech name

  • Czech description

Classification

  • Type

    J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    <a href="/en/project/EF16_019%2F0000765" target="_blank" >EF16_019/0000765: Research Center for Informatics</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Others

  • Publication year

    2019

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Name of the periodical

    Security and Communication Networks

  • ISSN

    1939-0114

  • e-ISSN

    1939-0122

  • Volume of the periodical

    2019

  • Issue of the periodical within the volume

    February

  • Country of publishing house

    DE - GERMANY

  • Number of pages

    18

  • Pages from-to

  • UT code for WoS article

    000459101500001

  • EID of the result in the Scopus database

    2-s2.0-85062343255

Similar results(10)

*Event Reconstruction from Network FlowsFlow Based Network Intrusion Detection System using Hardware-Accelerated NetFlow ProbesTowards Real-Time Intrusion Detection for NetFlow and IPFIX