Richard is currently in his first year of master's studies at the Faculty of Information Technology, Czech Technical University, Prague, with an emphasis on network security. The topic of Richard's bachelor thesis was the detection of crypto-malware on ISP-level networks using so-called "weak indicators": a combination of several different data sources that are used for reliable detection. The proposed solution was deployed on the large ISP network CESNET2 in the Czech Republic, and it is already protecting half a million users.
Richard is currently focusing on further exploring the idea of weak indications and data fusion to deal with inaccurate detectors, spoofed and inaccurate data, and the overall number of alerts generated by automatic detectors. He is trying to make automatic threat detection systems more reliable and easier to use by network security operators.
Richard's participation in the Future Talent Programme (FTP23) was supported by CESNET.
This #LightningTalk was presented at TNC23 live on stage in Tirana, Albania on Wednesday 7 June 2023:
Lightning Talk Topic: DATA FUSION: THE KEY TO RELIABLE THREAT DETECTION
Secure computer networks rely on monitoring, threat detection, and security operators who respond to automatically created alerts. The performance of current anomaly and threat detection methods depends on the network telemetry data they are developed on. However, in some cases network telemetry does not contain truthful information. An error can occur during transmission, or an attacker can spoof information to confuse threat detectors. As a result, many attacks may remain undetected and false alerts might overwhelm security personnel. We are currently exploring an approach that utilises a combination of several data sources to overcome their imperfections.
Many state-of-the-art detectors are based on Machine Learning (ML) technology, which can be easily confused. Attackers can alter traffic shape by sending additional data, which is unnecessary for communication. Malicious traffic can be completely hidden by this technique and missed by the ML — an outgoing attack might not be detected at all. Data incompleteness is another problem. For example, no blocklist can ever contain every malicious IP address. Moreover, these IP addresses can change over time. Therefore, the output of some detectors might not reflect reality. Current techniques, when used separately, suffer from many pitfalls.
The Lightning Talk Challenge is a GÉANT initiative in which bright students are trained to master their presentation skills and craft their ideas into a 5-minute Lightning Talk to deliver to the wide community attending TNC every year. Organised by GLAD, the GÉANT Learning and Development team, this challenge is part of the broader Future Talent Programme.