FI:PV210 Network Traffic Analysis - Course Information

PV210 Security analysis of network traffic

Extent and Intensity

2/1/0. 3 credit(s) (plus extra credits for completion). Type of Completion: k (colloquium).

Teacher(s)

doc. RNDr. Jan Vykopal, Ph.D. (lecturer)
doc. Ing. Pavel Čeleda, Ph.D. (lecturer)
RNDr. Martin Drašar, Ph.D. (assistant)
RNDr. Tomáš Jirsík, Ph.D. (assistant)
RNDr. Daniel Kouřil, Ph.D. (assistant)
RNDr. Michal Procházka, Ph.D. (assistant)
RNDr. Petr Velan, Ph.D. (assistant)

Guaranteed by

doc. RNDr. Eva Hladká, Ph.D.
Department of Computer Systems and Communications – Faculty of Informatics
Contact Person: doc. RNDr. Jan Vykopal, Ph.D.
Supplier department: Department of Computer Systems and Communications – Faculty of Informatics

Timetable

Wed 16:00–17:50 A319

• Timetable of Seminar Groups:

PV210/01: each odd Friday 12:00–13:50 A219, P. Čeleda, T. Jirsík, D. Kouřil, M. Procházka, P. Velan, J. Vykopal
PV210/02: each even Friday 12:00–13:50 A219, P. Čeleda, T. Jirsík, D. Kouřil, M. Procházka, P. Velan, J. Vykopal

Prerequisites (in Czech)

(( MB104 Discrete mathematics || MV011 Statistics I ) && ( PB156 Computer Networks || PV183 Computer Networks Technology ) ) || SOUHLAS

Course Enrolment Limitations

The course is also offered to the students of the fields other than those the course is directly associated with.
The capacity limit for the course is 30 student(s).
Current registration and enrolment status: enrolled: 0/30, only registered: 0/30, only registered with preference (fields directly associated with the programme): 0/30

fields of study / plans the course is directly associated with

• Applied Informatics (programme FI, B-AP)
• Applied Informatics (programme FI, N-AP)
• Information Technology Security (programme FI, N-IN)
• Bioinformatics (programme FI, B-AP)
• Bioinformatics (programme FI, N-AP)
• Information Systems (programme FI, N-IN)
• Informatics with another discipline (programme FI, B-EB)
• Informatics with another discipline (programme FI, B-FY)
• Informatics with another discipline (programme FI, B-GE)
• Informatics with another discipline (programme FI, B-GK)
• Informatics with another discipline (programme FI, B-CH)
• Informatics with another discipline (programme FI, B-IO)
• Informatics with another discipline (programme FI, B-MA)
• Informatics with another discipline (programme FI, B-TV)
• Informatics (eng.) (programme FI, D-IN4)
• Informatics (programme FI, D-IN4)
• Mathematical Informatics (programme FI, B-IN)
• Parallel and Distributed Systems (programme FI, B-IN)
• Parallel and Distributed Systems (programme FI, N-IN)
• Computer Graphics and Image Processing (programme FI, B-IN)
• Computer Graphics (programme FI, N-IN)
• Computer Networks and Communication (programme FI, B-IN)
• Computer Networks and Communication (programme FI, N-IN)
• Computer Systems and Technologies (eng.) (programme FI, D-IN4)
• Computer Systems and Technologies (programme FI, D-IN4)
• Computer Systems and Data Processing (programme FI, B-IN)
• Computer Systems (programme FI, N-IN)
• Embedded Systems (eng.) (programme FI, N-IN)
• Programmable Technical Structures (programme FI, B-IN)
• Embedded Systems (programme FI, N-IN)
• Service Science, Management and Engineering (eng.) (programme FI, N-AP)
• Service Science, Management and Engineering (programme FI, N-AP)
• Social Informatics (programme FI, B-AP)
• Theoretical Informatics (programme FI, N-IN)
• Upper Secondary School Teacher Training in Informatics (programme FI, N-SS) (2)
• Artificial Intelligence and Natural Language Processing (programme FI, B-IN)
• Artificial Intelligence and Natural Language Processing (programme FI, N-IN)
• Image Processing (programme FI, N-AP)

Course objectives

The lecture deals with methods and tools for security analysis of network traffic. Mathematical and visualisation methods processing aggregated characteristics of TCP/IP data are introduced as well as simple but useful methods. Apart from traffic volume quantities, the primary focus will be on IP traffic flows with emphasis on network security. We are aimed at high-speed networks. The studied methods will be illustrated on traffic samples from the Masaryk university network.
At the end of the course student should be able to:
understand the structure of data on local network and its edge;
understand basic methods for analysis of traffic and use relevant tools;

Syllabus

• Fundamentals of TCP/IP communication and application protocols.
• Network attacks and network layers. Network security devices: IDS/IPS, antispam filter, antivirus.
• Basics of network monitoring: packets, IP data flows, measurement methods, tools for their analysis and visualisation.
• Simple and advanced methods proccessing IP flow data. Traffic volume quantities, time-series analysis, prediction methods.
• Incident handling, an essential service of a CSIRT.
• Forensic analysis of a simulated incident (analysis of data from heterogeneous sources).

Literature

• Brutlag, J.: Aberrant behaviour Detection in Time Series for Network Monitoring, 2000
• Scarfone, K. Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS). Recommendations of the National Institute of Standards and Technology, 2007.
• Lakhina A., Crovella M., Diot C. Mining anomalies using traffic feature distributions. In: Proc. ACM SIGCOMM'05, p. 217-228, 2005.
• SANS: The Top Cyber Security Risks. http://www.sans.org/top-cyber-security-risks
• Bellovin, S. M. Security problems in the TCP/IP protocol suite.
• Quittek J. et al. Requirements for IP Flow Information Export (IPFIX). RFC 3917, IETF, 2004.

Teaching methods

Lectures including class discussion, homeworks, seminars in computer lab.

Assessment methods

Homeworks during the semester, written test and discussion (colloquium).

Language of instruction

Czech

Further Comments

Study Materials
The course is taught annually.

• Enrolment Statistics (Autumn 2014, recent)
  
• Permalink: https://is.muni.cz/course/fi/autumn2014/PV210