Ing. Tibor Engler


Flow-based Encrypted Traffic Analysis

Strategická podpora rozvoje bezpečnostního výzkumu ČR 2019 - 2025 (IMPAKT 1)
Ministry of Interior
2022 - 2025
The project researches new methods of effective protection against cyber threats that misuse secured communication for cyber attacks against servers and computers in high-speed network environments. Based on available metadata, the project will investigate machine learning methods suitable for determining the characteristics of encrypted network flows and the associated risks. The system will be implemented using a hardware-accelerated traffic monitor and a software prototype for high-speed detection of security incidents, which will be reported to the SIEM tool. In addition, a plug-in for the QRadar system will be developed for incident analysis. The project outcomes will also include reference data sets of network traffic and a system for their collection and annotation.