VNET: Improving network cybersecurity with hybrid approaches
Network communication is under constant monitoring to detect any unexpected behavior (anomalies). This project focuses on anomaly detection, especially on the harmful anomalies caused by cybercriminals.
VNET as a provider of comprehensive telecommunications solutions strives to improve its monitoring, warning and protection capabilities for their clients. VNET is able to actively protect the clients from attacks such as DDoS and others; or they can at least warn a client that something unusual (an anomaly) is happening with their computer, server, or subnet.
There are two basic approaches to detect such threats:
- by a signature based approach
- by detecting anomalous behavior in network traffic
Both approaches have their advantages and disadvantages and may be combined in hybrid approaches. This is part of our expertise at KInIT.
KInIT created a proposal for better data gathering from the research point of view with practical implications. The dataset will be created with focus on machine learning approaches with different sampling rates and attack visibility together with statistical analysis of a new dataset from the real network traffic.
We are working on several models that will serve different needs of the whole solution, e.g.: filter known attacks, create network profiles, anomaly detection module. All modules have to cooperate with each other and they have to be prepared for use in production in VNET’s environment.
„Finding patterns and correlations in data are the key, not just for this project; rise of artificial intelligence will be another tectonic shift for the whole mankind.“
Lead and Researcher