Grouping evil IP addresses

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F18%3A10133092" target="_blank" >RIV/63839172:_____/18:10133092 - isvavai.cz</a>

Výsledek na webu

—

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Grouping evil IP addresses

Popis výsledku v původním jazyce

Botnet is a group of devices that synchronously performs distributed attacks. Botnets currently represent a very dangerous potential threat to all systems. Botnets can attack with great force, especially when it comes to botnets of many hundreds and thousands of bots. Defense against distributed attacks plays an important role in defending the entire system. The Intrusion Detection System (IDS) is part of the defense. This system monitors network traffic and detects suspicious activity that could lead to a system security breach. IDS is a source of reported detected security events that are solved by Incident response. Sharing information from these reports can help you get a global view. The NERD system was developed CESNET, the operator of the Czech National Research and Education Network (NREN). System NERD collects information about all malicious entities on the network and manages a reputation database over them. This presentation describes the design and implementation of the new system GRIP (Group of IPs). The presentation also describes the analysis of security incidents records in IDEA format. Based on this analysis an algorithm was designed to create groups of suspicious network addresses from a security incident.

Název v anglickém jazyce

Grouping evil IP addresses

Popis výsledku anglicky

Botnet is a group of devices that synchronously performs distributed attacks. Botnets currently represent a very dangerous potential threat to all systems. Botnets can attack with great force, especially when it comes to botnets of many hundreds and thousands of bots. Defense against distributed attacks plays an important role in defending the entire system. The Intrusion Detection System (IDS) is part of the defense. This system monitors network traffic and detects suspicious activity that could lead to a system security breach. IDS is a source of reported detected security events that are solved by Incident response. Sharing information from these reports can help you get a global view. The NERD system was developed CESNET, the operator of the Czech National Research and Education Network (NREN). System NERD collects information about all malicious entities on the network and manages a reputation database over them. This presentation describes the design and implementation of the new system GRIP (Group of IPs). The presentation also describes the analysis of security incidents records in IDEA format. Based on this analysis an algorithm was designed to create groups of suspicious network addresses from a security incident.

Druh

O - Ostatní výsledky

CEP obor

—

OECD FORD obor

20206 - Computer hardware and architecture

Projekt

<a href="/cs/project/LM2015042" target="_blank" >LM2015042: E-infrastruktura CESNET</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2018

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů