Detecting Advanced Network Threats Using a Similarity Search

Authors ČERMÁK Milan, ČELEDA Pavel

Year of publication 2016
Type Article in Proceedings
Conference Management and Security in the Age of Hyperconnectivity
MU Faculty or unit Institute of Computer Science

Web http://link.springer.com/chapter/10.1007%2F978-3-319-39814-3_14
DOI http://dx.doi.org/10.1007/978-3-319-39814-3_14
Field Informatics
Keywords similarity search; network data; classification; network threats
Description In this paper, we propose a novel approach for the detection of advanced network threats. We combine knowledge-based detection with similarity search techniques commonly used for automated image annotation. This combination could provide effective detection of common network anomalies together with their unknown variants. In addition, it approaches network data analysis in a way similar to that of a security analyst. Our research is focused on understanding the similarity of anomalies in network traffic and their representation within complex behaviour patterns. This will lead to a proposal of a system for the real-time analysis of network data based on similarity. This goal should be achieved within a period of three years as part of a PhD thesis.