D 2016

Detecting Advanced Network Threats Using a Similarity Search

ČERMÁK, Milan and Pavel ČELEDA

Basic information

Original name

Detecting Advanced Network Threats Using a Similarity Search

Name in Czech

Detekce pokročilých síťových útoků pomocí podobnostního vyhledávání

Authors

ČERMÁK, Milan (203 Czech Republic, guarantor, belonging to the institution) and Pavel ČELEDA (203 Czech Republic, belonging to the institution)

Edition

9701st ed. Munich, Germany: Management and Security in the Age of Hyperconnectivity, pp. 137-141, 5 pp., 2016

Publisher

Springer International Publishing

Other information

Language

English

Type of outcome

Proceedings paper

Field of Study

Informatics

Country of publisher

Germany

Confidentiality degree

is not subject to a state or trade secret

Publication form

printed version "print"

References:

RIV identification code

RIV/00216224:14610/16:00087690

Organization

Institute of Computer Science (Ústav výpočetní techniky) – Repository

ISBN

978-3-319-39813-6

ISSN

UT WoS

000389804200014

EID Scopus

2-s2.0-84976643067

Keywords (in Czech)

podobnostní vyhledávání, síťová data, klasifikace, síťové hrozby

Keywords in English

similarity search; network data; classification; network threats

Links

VI20162019029, research and development project.
Changed: 2/9/2020 22:22, RNDr. Daniel Jakubík

Abstract

In the original

In this paper, we propose a novel approach for the detection of advanced network threats. We combine knowledge-based detection with similarity search techniques commonly utilized for automated image annotation. This unique combination could provide effective detection of common network anomalies together with their unknown variants. In addition, it analyses network data in a way similar to how a security analyst does. Our research is focused on understanding the similarity of anomalies in network traffic and their representation within complex behaviour patterns. This will lead to a proposal of a system for the real-time, similarity-based analysis of network data. This goal should be achieved within a period of three years as a part of a PhD thesis.
