FI:PV210 Traffic Analysis - Course Information
PV210 Security analysis of network trafficFaculty of Informatics
- Extent and Intensity
- 2/0/1. 3 credit(s) (plus extra credits for completion). Type of Completion: k (colloquium).
- RNDr. Jan Vykopal, Ph.D. (lecturer)
- Guaranteed by
- prof. RNDr. Luděk Matyska, CSc.
Department of Computer Systems and Communications - Faculty of Informatics
- Fri 8:00–9:50 B410
- Prerequisites (in Czech)
- (( MB104 Mathematics || MV011 Statistics I ) && ( PB156 Computer Networks || PV183 Computer Networks Technology ) ) || SOUHLAS
- Course Enrolment Limitations
- The course is also offered to the students of the fields other than those the course is directly associated with.
The capacity limit for the course is 30 student(s).
Current registration and enrolment status: enrolled: 0/30, only registered: 0/30, only registered with preference (fields directly associated with the programme): 0/30
- fields of study / plans the course is directly associated with
- there are 41 fields of study the course is directly associated with, display
- Course objectives
- The lecture deals with methods and tools for security analysis of network traffic. Mathematical and visualisation methods processing aggregated characteristics of TCP/IP data are introduced as well as simple but useful methods. Apart from traffic volume quantities, the primary focus will be on IP traffic flows with emphasis on network security. We are aimed at high-speed networks. The studied methods will be illustrated on traffic samples from the Masaryk university network.
At the end of the course student should be able to:
understand the structure of data on local network and its edge;
understand basic methods for analysis of traffic and use relevant tools;
- Fundamentals of TCP/IP communication and application protocols.
- Network attacks and network layers. Network security devices: IDS/IPS, antispam filter, antivirus.
- Basics of network monitoring: packets, IP data flows, measurement methods, tools for their analysis and visualisation.
- Simple and advanced methods proccessing IP flow data. Traffic volume quantities, time-series analysis, prediction methods. Distribution of key items of IP flows (addresses and ports) in traffic samples: entropy and principal component analysis. Overview of available implementations.
- Bellovin, S. M. Security problems in the TCP/IP protocol suite.
- Quittek J. et al. Requirements for IP Flow Information Export (IPFIX). RFC 3917, IETF, 2004.
- Brutlag, J.: Aberrant behaviour Detection in Time Series for Network Monitoring, 2000
- SANS: The Top Cyber Security Risks. http://www.sans.org/top-cyber-security-risks
- Lakhina A., Crovella M., Diot C. Mining anomalies using traffic feature distributions. In: Proc. ACM SIGCOMM'05, p. 217-228, 2005.
- Scarfone, K. Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS). Recommendations of the National Institute of Standards and Technology, 2007.
- Teaching methods
- Lectures including class discussion and homeworks.
- Assessment methods
- Homeworks during the semester, written test and discussion (colloquium).
- Language of instruction
- Further Comments
- Study Materials
The course is taught annually.