Grouping evil IP addresses
Result identifiers
Result code in IS VaVaI
RIV/63839172:_____/18:10133092 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F18%3A10133092)
Result on the web
—
DOI - Digital Object Identifier
—
Alternative languages
Result language
English
Title in the original language
Grouping evil IP addresses
Result description in the original language
A botnet is a group of devices that synchronously perform distributed attacks. Botnets currently represent a very dangerous potential threat to all systems. They can attack with great force, especially botnets made up of many hundreds and thousands of bots. Defense against distributed attacks plays an important role in defending the entire system. An Intrusion Detection System (IDS) is part of that defense: it monitors network traffic and detects suspicious activity that could lead to a system security breach. An IDS is a source of reports of detected security events, which are handled by incident response. Sharing information from these reports can help to build a global view. The NERD system was developed by CESNET, the operator of the Czech National Research and Education Network (NREN). NERD collects information about all malicious entities on the network and maintains a reputation database of them. This presentation describes the design and implementation of the new system GRIP (Group of IPs). It also describes the analysis of security incident records in IDEA format. Based on this analysis, an algorithm was designed to create groups of suspicious network addresses from a security incident.
Classification
Type
O - Other results
CEP field
—
OECD FORD field
20206 - Computer hardware and architecture
Result linkages
Project
LM2015042: E-infrastruktura CESNET
Linkages
P - Research and development project financed from public funds (with a link to CEP)
Other
Year of implementation
2018
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations