p 2022

Toward Graph-Based Network Traffic Analysis and Incident Investigation

ČERMÁK, Milan

Základní údaje

Originální název

Toward Graph-Based Network Traffic Analysis and Incident Investigation

Autoři

Vydání

DFRWS EU 2022, 2022

Další údaje

Jazyk

angličtina

Typ výsledku

Vyžádané přednášky

Obor

10201 Computer sciences, information science, bioinformatics

Stát vydavatele

Česká republika

Utajení

není předmětem státního či obchodního tajemství

Organizační jednotka

Ústav výpočetní techniky

Klíčová slova anglicky

Network Forensics;Graph Database;Incident Investigation;Dgraph;Zeek;Association-based Analysis

Příznaky

Mezinárodní význam
Změněno: 30. 3. 2022 17:05, RNDr. Milan Čermák, Ph.D.

Anotace

V originále

Even though network traffic is typically encrypted, and it is almost impossible to look into the content of transmitted data, the analysis of metadata and characteristics of individual connections still plays an essential role in an incident or criminal investigation. In recent years, we have seen a significant development of various approaches for storing and analyz-ing large-scale data, including graph databases. Such an approach offers great potential for expert analysts performing digital forensics and network traffic investigation, as it corresponds to their natural perception of the data. In addition, it allows a simple connection of different types and sources of data, which represents the primary focus of our research.

Návaznosti

833418, interní kód MU
Název: Sharing and Automation for Privacy Preserving Attack Neutralization (Akronym: SAPPAN)
Investor: Evropská unie, Sharing and Automation for Privacy Preserving Attack Neutralization, Secure societies - Protecting freedom and security of Europe and its citizens (Societal Challenges)

Přiložené soubory

2022-DFRWS-EU-toward-graph-based-network-traffic-analysis-and-incident-investigation.pptx Licence Creative Commons
2022-DFRWS-EU-toward-graph-based-network-traffic-analysis-and-incident-investigation.pdf Licence Creative Commons