Threat Detection Through Correlation of Network Flows and Logs
| Authors | |
|---|---|
| Year of publication | 2018 |
| Type | Article in Proceedings |
| Conference | Proceedings of the 12th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2018) |
| MU Faculty or unit | |
| Citation | |
| Web | http://www.aims-conference.org/2018/AIMS-2018-Proceedings.pdf |
| Keywords | intrusion detection; network flows; network logs; encrypted traffic |
| Attached files | |
| Description | A rising amount of mutually interconnected and communicating devices puts increasing demands on cybersecurity operators and their tools. With the rise of end-to-end encryption, it is becoming increasingly difficult to detect threats in network traffic. With such motivation, this Ph.D. proposal aims to find new methods for automatic detection of threats hiding in encrypted channels. The focus of the proposal is on correlating the data still available in the encrypted network flows with the data contained in the logs of network applications. Our research is in the initial phase and will contribute to a Ph.D. thesis in four years. |
| Related projects: |