PV210 Security analysis of network traffic

Faculty of Informatics
Autumn 2009
Extent and Intensity
2/0/1. 3 credit(s) (plus extra credits for completion). Recommended Type of Completion: k (colloquium). Other types of completion: zk (examination).
Teacher(s)
doc. RNDr. Jan Vykopal, Ph.D. (lecturer), prof. RNDr. Václav Matyáš, M.Sc., Ph.D. (deputy)
Guaranteed by
prof. RNDr. Václav Matyáš, M.Sc., Ph.D.
Department of Computer Systems and Communications – Faculty of Informatics
Contact Person: prof. RNDr. Václav Matyáš, M.Sc., Ph.D.
Timetable
Fri 10:00–11:50 B410
Prerequisites
basic calculus, probability and statistics
Course Enrolment Limitations
The course is also offered to the students of the fields other than those the course is directly associated with.
fields of study / plans the course is directly associated with
there are 40 fields of study the course is directly associated with, display
Course objectives
The lecture deals with methods and tools for security analysis of network traffic. Mathematical and visualisation methods processing aggregated characteristics of TCP/IP data are introduced as well as simple but useful methods. Apart from traffic volume quantities, the primary focus will be on IP traffic flows with emphasis on network security. We are aimed at high-speed networks. The studied methods will be illustrated on traffic samples from the Masaryk university network.
At the end of the course student should be able to:
understand the structure of data on local network and its edge;
understand basic methods for analysis of traffic and use relevant tools;
Syllabus
  • Fundamentals of TCP/IP communication and application protocols.
  • Network attacks and network layers. Network security devices: IDS/IPS, antispam filter, antivirus.
  • Basics of network monitoring: packets, IP data flows, measurement methods, tools for their analysis and visualisation.
  • Simple and advanced methods proccessing IP flow data. Traffic volume quantities, time-series analysis, prediction methods. Distribution of key items of IP flows (addresses and ports) in traffic samples: entropy and principal component analysis. Overview of available implementations.
Literature
  • Venables W. N., Ripley B. D.: Modern Applied Statistics with S. Springer, 2002.
  • Wei W. W. S. Time Series Analysis, Second Edition. Pearson, 2006.
  • Lakhina A., Crovella M., Diot C. Mining anomalies using traffic feature distributions. In: Proc. ACM SIGCOMM'05, p. 217-228, 2005.
  • Kohler E. et al. Observed structure of addresses in IP traffic. IEEE/ACM Trans. Networking 14(6):1400-1412, 2006.
  • Quittek J. et al. Requirements for IP Flow Information Export (IPFIX). RFC 3917, IETF, 2004.
  • Peitgen H.-O., Jürgens H., Saupe D.: Chaos and Fractals: New Frontiers of Science. Springer, 1992.
  • Cook D., Swayne D. F.: Interactive and Dynamic Graphics for Data Analysis. Springer, 2007.
Teaching methods
Lectures including class discussion and homeworks.
Assessment methods
Homeworks during the semester, written test and discussion (colloquium).
Language of instruction
Czech
Further Comments
The course is taught annually.
The course is also listed under the following terms Autumn 2008, Autumn 2010, Autumn 2011, Autumn 2012, Autumn 2013, Autumn 2014, Autumn 2015, Autumn 2016, Autumn 2017, Autumn 2018, Autumn 2019, Autumn 2021, Autumn 2022, Autumn 2023.
  • Enrolment Statistics (Autumn 2009, recent)
  • Permalink: https://is.muni.cz/course/fi/autumn2009/PV210