Automating Network Security Analysis at Packet-level by using Rule-based Engine

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F19%3APU135007" target="_blank" >RIV/00216305:26230/19:PU135007 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.fit.vut.cz/research/publication/12011/" target="_blank" >https://www.fit.vut.cz/research/publication/12011/</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3352700.3352714" target="_blank" >10.1145/3352700.3352714</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Automating Network Security Analysis at Packet-level by using Rule-based Engine

Popis výsledku v původním jazyce

When a network incident is detected, a network administrator has to manually verify the incident and provide a solution to stop the incident from continuing and prevent similar incidents in the future. The network analysis is a time-consuming and labor-intensive activity which requires good network knowledge. Creating a solution which automates the administrator's work can dramatically speed up the analysis process and can make the whole process easier for less experienced administrators. In this paper, we describe a method that uses a predefined set of rules to identify incident patterns. Though this principle is used by many security tools, the new aspect is that the presented approach uses the Wireshark tool which is well known among the administrators, and it is expressive enough to specify complex relations among source data thus being able to detect quite sophisticated attacks. The created rule's format uses the same language as the Wireshark filters.

Název v anglickém jazyce

Automating Network Security Analysis at Packet-level by using Rule-based Engine

Popis výsledku anglicky

When a network incident is detected, a network administrator has to manually verify the incident and provide a solution to stop the incident from continuing and prevent similar incidents in the future. The network analysis is a time-consuming and labor-intensive activity which requires good network knowledge. Creating a solution which automates the administrator's work can dramatically speed up the analysis process and can make the whole process easier for less experienced administrators. In this paper, we describe a method that uses a predefined set of rules to identify incident patterns. Though this principle is used by many security tools, the new aspect is that the presented approach uses the Wireshark tool which is well known among the administrators, and it is expressive enough to specify complex relations among source data thus being able to detect quite sophisticated attacks. The created rule's format uses the same language as the Wireshark filters.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2019

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the Sixth European Conference on the Engineering of Computer-Based Systems

ISBN

978-1-4503-7636-5

ISSN

—

e-ISSN

—

Počet stran výsledku

8

Strana od-do

1-8

Název nakladatele

Association for Computing Machinery

Místo vydání

Bucharest

Místo konání akce

Bucharest

Datum konání akce

2. 9. 2019

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000525376600014