Category Archives: Publication

Anomaly-Based Network Intrusion Detection Using Wavelets and Adversarial Autoencoders

The number of intrusions and attacks against data networks and networked systems increases constantly, while encryption has made it more difficult to inspect network traffic and classify it as malicious. In this paper, an anomaly-based intrusion detection system using Haar wavelet transforms in combination with an adversarial autoencoder was developed for detecting malicious TLS-encrypted Internet traffic. […]
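As an added illustration of the wavelet step described above (example code written for this page, not the authors' implementation), the block below applies a Haar decomposition to a per-second byte-count series of one TLS connection and flags intervals whose detail coefficients are far larger than typical. The sample series is constructed, the median-based threshold rule is an assumption, and the adversarial autoencoder that the paper trains on such coefficients is not implemented here.

```python
from statistics import median

# Constructed sample (not data from the paper): bytes observed per one-second
# interval on a single TLS connection. Intervals 10 and 11 carry an injected
# burst; the rest is steady, keep-alive sized traffic.
SAMPLE_BYTES_PER_SEC = [100, 104, 98, 102, 101, 99, 103, 97,
                        100, 102, 900, 950, 101, 99, 100, 100]


def haar_step(values):
    """One level of the Haar transform in its averaging form.

    approximation[i] = (v[2i] + v[2i+1]) / 2   (smoothed trend)
    detail[i]        = (v[2i] - v[2i+1]) / 2   (change inside the pair)
    """
    if len(values) % 2:
        raise ValueError("Haar step needs an even-length series")
    pairs = [(values[i], values[i + 1]) for i in range(0, len(values), 2)]
    approx = [(a + b) / 2 for a, b in pairs]
    detail = [(a - b) / 2 for a, b in pairs]
    return approx, detail


def haar_decompose(values):
    """Full multi-level decomposition of a power-of-two length series.

    Returns (final_approximation, details) where details[k] holds the
    detail coefficients of level k+1; level 1 is the finest time scale.
    """
    n = len(values)
    if n == 0 or n & (n - 1):
        raise ValueError("series length must be a power of two")
    approx, details = list(values), []
    while len(approx) > 1:
        approx, detail = haar_step(approx)
        details.append(detail)
    return approx[0], details


def flag_bursts(values, level=1, factor=5.0):
    """Flag intervals whose detail coefficient at the given level is far
    larger than typical. 'Typical' is the median absolute coefficient and
    `factor` is an assumed cut-off, not a value taken from the paper.

    Returns a list of (first_interval, last_interval) index ranges.
    """
    _, details = haar_decompose(values)
    if level < 1 or level > len(details):
        raise ValueError("level out of range for this series length")
    detail = details[level - 1]
    span = 2 ** level                     # intervals covered by one coefficient
    threshold = factor * max(median(abs(d) for d in detail), 1e-9)
    return [(i * span, (i + 1) * span - 1)
            for i, d in enumerate(detail) if abs(d) > threshold]


if __name__ == "__main__":
    trend, details = haar_decompose(SAMPLE_BYTES_PER_SEC)
    print("overall mean:", trend)
    for k, d in enumerate(details, 1):
        print(f"level {k} detail:", d)
    print("burst intervals:", flag_bursts(SAMPLE_BYTES_PER_SEC))
```

The final approximation is the series mean, while the burst shows up as the single large level-1 detail coefficient covering intervals 10 and 11; at level 2 the same event is localised to the coarser window 8 to 11, which is the multi-resolution view that makes wavelet coefficients a useful input for a downstream anomaly model.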

Blue Team Communication and Reporting for Enhancing Situational Awareness from White Team Perspective in Cyber Security Exercises

Cyber security exercises allow individuals and organisations to train and test their skills in complex cyber attack situations. In order to organise and conduct such an exercise effectively, the exercise control team must have accurate situational awareness of the exercise teams. In this paper, the communication patterns collected during a large-scale cyber exercise, and their possible […]

On Application-Layer DDoS Attack Detection in High-Speed Encrypted Networks

Application-layer denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed using legitimate requests from legitimately connected network machines, which makes these attacks undetectable by signature-based intrusion detection systems. Moreover, the attacks may utilize protocols that encrypt the data of network connections […]

Weighted Fuzzy Clustering for Online Detection of Application DDoS Attacks in Encrypted Network Traffic

Distributed denial-of-service (DDoS) attacks are one of the most serious threats to today's high-speed networks. These attacks can quickly incapacitate a targeted business, costing victims millions of dollars in lost revenue and productivity. In this paper, we present a novel method which allows us to detect, in a timely manner, application-layer DDoS attacks that utilize encrypted protocols by […]

Architecture for the Cyber Security Situational Awareness System

Networked software systems have a remarkable and critical role in modern society. There are critical software systems in every business area. At the same time, the number of cyber attacks against those critical networked software systems has increased substantially. Because of that, cyber security situational awareness of an organisation's own assets plays an […]

Increasing Web Service Availability by Detecting Application-Layer DDoS Attacks in Encrypted Traffic

Nowadays, zero-day Denial-of-Service (DoS) attacks have become frighteningly common in high-speed networks due to the constantly increasing number of vulnerabilities. Moreover, these attacks have become more sophisticated and are therefore hard to detect before they damage several networks and hosts. For these reasons, real-time monitoring, processing and network anomaly detection must be among the key features of […]

Model for Sharing the Information of Cyber Security Situation Awareness between Organizations

Exchanging Situation Awareness information is extremely important for organizations in order to survive as part of the cyber domain. Situation Awareness is required for decision making and for early warning of upcoming threats. Situation Awareness and security information in the cyber domain differ from those in the kinetic domain. Because of that, Situation […]

Data Mining Approach for Detection of DDoS Attacks Utilizing SSL/TLS Protocol

Denial of Service attacks remain one of the most serious threats to the Internet nowadays. In this study, we propose an algorithm for the detection of Denial of Service attacks that utilize the SSL/TLS protocol. These protocols encrypt the data of network connections at the application layer, which makes it impossible to detect attackers' activity based on […]

Analysis of Approaches to Internet Traffic Generation for Cyber Security Research and Exercise

Because of the severe global threat posed by malware, vulnerabilities and attacks against networked systems, cyber security research, training and exercises are required for achieving the cyber resilience of organizations. In particular, the requirement to organize cyber security exercises has become more and more relevant for companies and government agencies. Cyber security research, training and exercises require closed Internet […]

Online detection of anomalous network flows with soft clustering

In this study, we apply an anomaly-based approach to analyze traffic flows transferred over a network in order to detect the flows related to different types of attacks. Based on the information extracted from network flows, a model of normal user behavior is discovered with the help of several clustering techniques. This model is then used to […]
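The soft-clustering idea behind this abstract and the weighted fuzzy clustering paper above (a model of normal flows learned by clustering, then used to score new flows) is illustrated by the added example below. It is code written for this page, not the authors' implementation: it uses plain fuzzy c-means rather than the weighted variant from the paper, the two-feature flow records are constructed, and the z-scoring, farthest-point initialisation and the radius-based threshold of 3 are assumptions made for illustration.

```python
import math

# Constructed training set (normal flows only, not data from the papers):
# one record per flow = (requests per second, mean request size in bytes).
# Two normal behaviours are present: interactive browsing (few, large
# requests) and API polling (many, small requests).
NORMAL_FLOWS = [
    (1.5, 750.0), (2.0, 800.0), (2.5, 850.0), (1.8, 780.0), (2.2, 820.0),
    (18.0, 180.0), (20.0, 200.0), (22.0, 220.0), (19.0, 190.0), (21.0, 210.0),
]


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class FuzzyFlowModel:
    """Fuzzy c-means model of normal flow behaviour plus an anomaly score."""

    def __init__(self, n_clusters=2, fuzziness=2.0):
        self.c, self.m = n_clusters, fuzziness
        self.mean = self.std = self.centers = self.radii = None

    def _scale(self, flow):
        # z-score each feature so bytes do not dominate requests per second
        return tuple((v - mu) / sd for v, mu, sd in zip(flow, self.mean, self.std))

    def _memberships(self, x):
        # standard fuzzy c-means membership: u_i = 1 / sum_k (d_i/d_k)^(2/(m-1))
        d = [_dist(x, ctr) for ctr in self.centers]
        if 0.0 in d:                      # exactly on a centre: hard assignment
            return [1.0 if v == 0.0 else 0.0 for v in d]
        p = 2.0 / (self.m - 1.0)
        return [1.0 / sum((d[i] / d[k]) ** p for k in range(self.c))
                for i in range(self.c)]

    def _weighted_centre(self, xs, weights):
        tot = sum(weights)
        return tuple(sum(w * x[k] for w, x in zip(weights, xs)) / tot
                     for k in range(len(xs[0])))

    def fit(self, flows, iters=100, tol=1e-6):
        n, dims = len(flows), len(flows[0])
        self.mean = [sum(f[j] for f in flows) / n for j in range(dims)]
        self.std = [max(math.sqrt(sum((f[j] - self.mean[j]) ** 2 for f in flows) / n), 1e-9)
                    for j in range(dims)]
        xs = [self._scale(f) for f in flows]
        # deterministic farthest-point initialisation of the centres
        self.centers = [xs[0]]
        while len(self.centers) < self.c:
            self.centers.append(max(xs, key=lambda x: min(_dist(x, ctr) for ctr in self.centers)))
        for _ in range(iters):
            u = [self._memberships(x) for x in xs]
            new = [self._weighted_centre(xs, [u[j][i] ** self.m for j in range(n)])
                   for i in range(self.c)]
            shift = max(_dist(a, b) for a, b in zip(self.centers, new))
            self.centers = new
            if shift < tol:
                break
        # per-cluster scale: membership-weighted RMS distance of training flows
        u = [self._memberships(x) for x in xs]
        self.radii = []
        for i in range(self.c):
            w = [u[j][i] ** self.m for j in range(n)]
            msd = sum(wj * _dist(xj, self.centers[i]) ** 2 for wj, xj in zip(w, xs)) / sum(w)
            self.radii.append(max(math.sqrt(msd), 1e-9))
        return self

    def score(self, flow):
        """Distance to the nearest centre in units of that cluster's radius."""
        x = self._scale(flow)
        return min(_dist(x, ctr) / r for ctr, r in zip(self.centers, self.radii))

    def is_anomalous(self, flow, threshold=3.0):
        # threshold is an assumed cut-off for illustration, not the papers' value
        return self.score(flow) > threshold


if __name__ == "__main__":
    model = FuzzyFlowModel().fit(NORMAL_FLOWS)
    for flow in [(20.0, 200.0), (2.0, 800.0), (200.0, 150.0)]:
        print(flow, round(model.score(flow), 2), model.is_anomalous(flow))
```

A flood-like flow of 200 requests per second lands many cluster radii away from either centre and is flagged, while flows matching either learned behaviour score near zero. Scoring by distance relative to the cluster radius, rather than by the maximum membership value, matters for this use: a point far from every centre receives roughly equal fuzzy memberships, so membership alone would not expose it as an outlier.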