Research & Projects

The aim of this project is to develop tools for network and application performance analysis based on network monitoring and complex event processing of security and performance events. It will employ methods of anomaly detection and behavioral analysis, which will be used to identify performance-related problems of applications in a monitored network. Detected events will be aggregated into higher-order events, which will in turn enable correlation with both performance and security events. By correlating events and finding connections between them, it will be possible to identify the cause of network problems, visualize it for administrators, and help them resolve it.

Full name of the project: Research and Development of Advanced Analytics Tools for Security and Performance Analysis of Network Infrastructure, Applications and Services (ITOA)

The project TH02010185 is solved with the financial support of TACR.
The aim of this project is research and development in the area of testing security network devices with a focus on flow-based monitoring probes. The main goal is to create a testing environment (testbed) where all the outcomes will be deployed and available. These include a test automation orchestration system, a high-speed traffic generator from given network profiles, and a toolset for automatic evaluation of tests. Furthermore, to achieve practical applicability of the testing infrastructure, creating a set of test cases, including traffic samples and a network profile generation tool, is considered. The environment enables users (or security auditors) to validate selected network devices' functionality before their actual deployment to the target network.
The aim is to create a system that achieves a higher threat detection rate and better quality of data acquisition in networks. That will be accomplished using a feedback loop from detection systems to probes. Detection systems will, based on data analysis, request probes to perform more detailed analysis of a selected traffic portion. Probes will carry out additional processing, e.g. application layer processing or full packet capture. A new probe for 400 Gbps processing will be created in the project.
The goal of the project is to design a new system for threat detection using contextual NetFlow analysis. This analysis is based on revealing the relationships between individual network traffic records without the need to decrypt the traffic, improving the analysis capabilities compared to the classical approach, which analyzes individual records only in isolation. With the new type of analysis, it is possible to identify threats that are currently hidden due to encryption and, at the same time, provide network administrators with additional information to create an overall picture of the state of the network, services, or applications used.
The aim of the project is to design and implement a system for the security and safety of the critical infrastructure of Smart Grids. The system will provide visibility of ICS communication within the Smart Grid and detection of cyber attacks or malfunctioning. The detection system will be based on traffic profiles.
Europe needs to step up its efforts and strengthen its very own security capacities to secure its digital society, economy, and democracy. The vision for Europe can only be to join forces across Europe’s research, industry and public sector and to include all talents not just those that have representation in the EU mainstream or are within big organizations.

The area of cybersecurity is geographically fragmented across Europe in terms of competences, and often also technically fragmented with problem-specific development of security solutions. There is no doubt that excellent research exists in Europe. Nevertheless, it is a fact that this research does not result in IT products and solutions that contribute to the European Single Digital Market. On the contrary, a lot of research, also financed by EU ERC grants, is tested on real data in large US companies that cooperate with them. Europe has to rethink this strategy and is already doing so.

CONCORDIA addresses the current fragmentation of security competence by networking diverse competences into a leadership role via a synergistic agglomeration of a pan-European Cybersecurity Center. The vision of CONCORDIA is to build a community with strong cooperation between all stakeholders, understanding that all stakeholders are fostering the development of IT products and solutions along the whole supply chain.
The emergence of the NCC Centre is a response to strong demand for products and solutions to ensure cybersecurity of critical and noncritical information infrastructures. The Center brings together top research institutes and long-term cybersecurity industries to do collaborative R&D in cybersecurity solutions at the HW and SW level and mechanisms for certifying security features of the products. With its industry partners, the Center will seek to deploy the solutions in the ever-growing cybersecurity market. It will strengthen the Czech industry and research at European and world level.

The project TN01000077 is solved with the financial support of TACR.
The goal of the presented project is to develop a software tool that: i) performs highly configurable traffic recording, ii) analyzes network traffic to diagnose network communication problems, performance degradation or security threats, and iii) provides visualization of evidence to network administrators in a simple and readable form. The project’s result will be integrated into an existing network monitoring platform and will be sold as a new product.

The project TH02010186 is solved with the financial support of TACR.
DEMONS envisions building a novel cooperative network monitoring and mitigation system based on a completely decentralized, application-aware, privacy-preserving, multi-jurisdictional monitoring infrastructure. Such an infrastructure will provide the detection, reporting and mitigation mechanisms needed to combat not only today’s threats, but also those of tomorrow. DEMONS aims to realize this infrastructure by applying novel distributed systems technologies and leveraging their native scalability and fault tolerance characteristics. In doing this, DEMONS puts special emphasis on privacy, trust, and legal issues arising from collecting and exporting data across operator domains and across multiple jurisdictions.
The goal of the ACEMIND project is applied research in the area of interconnection, configuration and monitoring of hybrid computer networks and devices connected in digital homes and small enterprises. The project outputs include (1) architecture and design of advanced convergent and easily manageable hybrid networks, (2) research and development of tools for management and monitoring of hybrid networks, (3) dissemination, standardization and teaching activities in the area of hybrid networks.

Distributed system for complex monitoring of high-speed networks

The aim of the project is a distributed system for monitoring 40/100 Gigabit Ethernet networks, consisting of measurement probes with hardware-accelerated functions and software for collecting data from the probes and for its centralized storage, visualization and evaluation. Hardware-accelerated data acquisition will be realized by a custom FPGA-based board, which will allow the use of firmware equipped with specialized monitoring functions. The design and realization of these functions for 100 Gb/s throughput is a non-trivial research goal. The collected data will be sent by the exporter to the central collector using the IPFIX protocol. Compared to the NetFlow protocol, IPFIX makes it possible to export more detailed information about the flows (i.e. information from the HTTP and DNS protocols). The system will use this possibility to improve the quality of monitoring. The central collector will store data from the measurement probes, and the amount of data requires finding a new high-speed method of storage. It will be possible to display the stored data in a well-arranged user interface, and fast data access will also be available for additional processing. The whole system will be configured via the NETCONF protocol, which was designed specifically for the configuration of network devices.
The proposed project will provide a novel solution to IoT monitoring and investigation for Industrial IoT and Smart Home IoT implementations. We intentionally restrict the scope of the project to make it practically feasible to produce results targeting the market opportunities of the involved commercial partners. Two software products will be delivered:
(a) Flowmon IoT Monitoring and Diagnostic Toolset will monitor IoT networks, and detect problems caused by IoT devices or user misbehavior,
(b) Hancom GMD IoT Forensic Toolset will be focused on the procedure to correctly acquire live data from a multitude of different IoT devices on the network.
These tools will be included in the product portfolios of the project’s respective partners.

The project TF03000029 is solved with the financial support of TACR.
This project aims at developing a new generation of attack and network anomaly detection systems. Three software results will be developed.
a) Behavioural analysis applied to application layer (L7) data with the goal of detecting threats and attacks at this level.
b) A system for reputation databases will consolidate the processing of external feeds, clean data, assess data from the viewpoint of relevance to the network entity or organization, and correlate with other detected events.
c) Artificial intelligence for knowledge derivation will implement automation and support of user activities in the system. Based on user behaviour, the system will adapt to the given network, services and applications, which will in turn lead to improved detection results.

The project TH04010073 is solved with the financial support of TACR.
The aim of the project is the development of intelligent sensors for monitoring and analysis of network traffic in a cloud environment. We plan to research novel monitoring approaches focusing on resource optimization, autonomous management, and collection of monitoring infrastructure telemetry. Management and data collection will use secured channels to prevent misuse of the transferred information. The intelligent sensors will deliver accurate and trustworthy information from the cloud environment while minimizing the cost of monitoring. The project results enable providers to design new cloud applications and services. Partial results achieved during the project will be immediately integrated into the Flowmon portfolio and introduced to the cloud monitoring market as soon as possible.

The project TH04010072 is solved with the financial support of TACR.
The goal of this project is to develop an innovative solution for up-to-date services and infrastructure that makes it possible to detect operational and security risks (i.e. attacks, anomalies, failures or decreased service quality). The developed solution will meet customer requirements for processing and analysis of enormous amounts of specific network-related data. The solution will make it possible to collect and store data of various precision and perform deep analysis in real time. It will also allow complex querying over extensive data with interactive responsiveness. Deployment in the software-as-a-service and security-as-a-service models should be possible. The developed solution should scale and adapt to specific needs. Consequently, it will be usable by a wide range of customers – from large Internet and service providers to small organisations.
The project aims to create a device to process and filter traffic on high-speed networks (up to 400 Gbps) with HW and SW support for application analysis of packets. The device will feature a modular design that allows support for specific application protocols to be added (as plug-ins). Hardware-accelerated network cards will be used to achieve high processing performance. Accelerators will provide an Ethernet interface with a total throughput of 400 Gbps in both directions. The software layer will be prepared to work with common network adapters that offer lower performance at an affordable price.