Introduction

The FETA (Flow-based Encrypted Traffic Analysis) project is a security research initiative focused on effectively monitoring and analyzing encrypted network traffic in modern high-speed networks. The project was carried out by a consortium led by CESNET, in cooperation with FIT CTU in Prague and FIT BUT in Brno.

As encrypted network traffic becomes prevalent, traditional monitoring tools lose their effectiveness in detecting and responding to cybersecurity threats. Therefore, the FETA project developed innovative methods utilizing machine learning and advanced network traffic metadata to identify security incidents without decrypting the communication. The project produced new technologies and tools enabling:

  • Monitoring of encrypted network communication

  • Detection of cyber attacks on infrastructure and services

  • Enhancement of network and device cybersecurity

The project outcomes were developed in cooperation with the National Cyber Operations Center (under the Ministry of Defense of the Czech Republic) and include:

  • V1: Architecture and software for high-speed encrypted traffic processing

  • V2: Visual-analytics extension for the SIEM QRadar platform

  • V3: Machine learning-based classification and detection modules

  • V4: Datasets for training detection models

  • V5: A semi-automated system for creating and annotating datasets
