Efficient Extraction of Network Event Types from NetFlows

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F19%3A00328141" target="_blank" >RIV/68407700:21230/19:00328141 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.1155/2019/8954914" target="_blank" >https://doi.org/10.1155/2019/8954914</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1155/2019/8954914" target="_blank" >10.1155/2019/8954914</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Efficient Extraction of Network Event Types from NetFlows

Popis výsledku v původním jazyce

To perform sophisticated traffic analysis, such as intrusion detection, network monitoring tools firstly need to extract higher-level information from lower-level data by reconstructing events and activities from as primitive information as individual network packets or traffic flows. Aggregating communication data into meaningful entities is an open problem and existing, typically clustering-based, solutions are often highly suboptimal, producing results that may misinterpret the extracted information and consequently miss many network events. We propose a novel method for the extraction of various predefined types of network events from raw network flow data. The new method is based on analysis of computational properties of the event types as prescribed by their attributes in a given descriptive language. The corresponding events are then extracted with a supreme recall as compared to a respective event extraction part of an in-production intrusion detection system Camnep.

Název v anglickém jazyce

Efficient Extraction of Network Event Types from NetFlows

Popis výsledku anglicky

To perform sophisticated traffic analysis, such as intrusion detection, network monitoring tools firstly need to extract higher-level information from lower-level data by reconstructing events and activities from as primitive information as individual network packets or traffic flows. Aggregating communication data into meaningful entities is an open problem and existing, typically clustering-based, solutions are often highly suboptimal, producing results that may misinterpret the extracted information and consequently miss many network events. We propose a novel method for the extraction of various predefined types of network events from raw network flow data. The new method is based on analysis of computational properties of the event types as prescribed by their attributes in a given descriptive language. The corresponding events are then extracted with a supreme recall as compared to a respective event extraction part of an in-production intrusion detection system Camnep.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/EF16_019%2F0000765" target="_blank" >EF16_019/0000765: Výzkumné centrum informatiky</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2019

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Security and Communication Networks

ISSN

1939-0114

e-ISSN

1939-0122

Svazek periodika

2019

Číslo periodika v rámci svazku

February

Stát vydavatele periodika

DE - Spolková republika Německo

Počet stran výsledku

18

Strana od-do

—

Kód UT WoS článku

000459101500001

EID výsledku v databázi Scopus

2-s2.0-85062343255