Cooperative Adaptive Mechanism for Network Protection (CAMNEP)


In the CAMNEP project, we developed an efficient and self-repairing system for detecting distortions in high-speed computer networks. The system visualized anomalies observed on the network, and its intelligent user interface let the operator handle network traffic simply. Analyzing statistical data ensured that the content was not corrupted and prevented leakage of users' data.

Motivation

In the CAMNEP project, we aimed to create an efficient system for the high-speed backbone lines of important network operators. The CAMNEP system was built on intelligent analysis of network traffic behavior through statistical data, and its visualizations helped operators to reveal distortions on a computer network, to detect harmful traffic and to eliminate false security alerts (the proportion of false positives and false negatives). It also reduced system maintenance costs, because it combined coordination methods with so-called multi-agent systems (each agent monitors a partial aspect of network traffic).

Technology and specifics

  • Distributed multiagent system 
    Attacks were detected by a group of specialized detection agents. Individual agents represented different methods of finding anomalies and searched for anomalies in NetFlow data using advanced trust models. For the overall decision about the trustworthiness of attacks, the system used collective decision making with a reputation mechanism.
  • Combination of open-source solutions, hardware accelerated probes and specialized detection agents
    CAMNEP connected existing open-source solutions (e.g. the agent platform A-Glob, the NetFlow collector NfSen or the visualization tools Prefuse and Walrus) with new components for network traffic data (e.g. the network probe FlowMon on the COMBO platform).

  • High performance and the ability to analyze network traffic at Gb/s rates
    Specially designed hardware based on FPGA technology enabled wireless measurement of network traffic in NetFlow format on network lines carrying traffic at Gb/s rates.

  • End users and transferred content privacy protection 
    The system observed network traffic through statistical data, so once the data had been analyzed there was no need to look into the content. All private data of end users stayed safe. The system could also analyze encrypted traffic, and for that reason it was possible to discover unknown types of attacks.

  • Intelligent user interface
    We handled control and administration of the system through the intelligent user interface, which provided relevant information about incidents and enabled the definition of security policy. The system provided straightforward visualizations, which made orientation within the system easier.
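
A simplified illustration of the collective decision described under "Distributed multiagent system", working only from flow statistics as described under the privacy item. This is an added example, not CAMNEP's code: the flow records are constructed, and the three agents, the weighted-mean aggregation and the operator-feedback reputation update are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed NetFlow-style records: (src, dst, dst_port, bytes). No payload.
FLOWS = (
    [("10.0.0.5", f"192.0.2.{i}", 22, 60) for i in range(1, 41)]      # scan-like
    + [("10.0.0.7", "198.51.100.10", 443, 48000) for _ in range(30)]  # bulk HTTPS
    + [("10.0.0.8", "198.51.100.20", p, 900) for p in (53, 80, 443)]  # ordinary
)

def by_source(flows):
    grouped = defaultdict(list)
    for src, dst, port, size in flows:
        grouped[src].append((dst, port, size))
    return grouped

def fanout_agent(flows):
    """Score = distinct (dst, port) targets per source, scaled to the maximum."""
    counts = {s: len({(d, p) for d, p, _ in f}) for s, f in by_source(flows).items()}
    top = max(counts.values())
    return {s: c / top for s, c in counts.items()}

def small_flow_agent(flows, limit=100):
    """Score = share of a source's flows smaller than `limit` bytes."""
    return {s: sum(b < limit for _, _, b in f) / len(f)
            for s, f in by_source(flows).items()}

def volume_agent(flows):
    """Score = source's share of all bytes (noisy: flags busy but benign hosts)."""
    totals = {s: sum(b for _, _, b in f) for s, f in by_source(flows).items()}
    whole = sum(totals.values())
    return {s: t / whole for s, t in totals.items()}

AGENTS = {"fanout": fanout_agent, "small_flow": small_flow_agent, "volume": volume_agent}

def collective_scores(flows, reputation):
    """Assumed aggregation: reputation-weighted mean of agent scores per source."""
    opinions = {name: agent(flows) for name, agent in AGENTS.items()}
    weight = sum(reputation.values())
    return {src: sum(reputation[n] * opinions[n][src] for n in AGENTS) / weight
            for src in by_source(flows)}

def update_reputation(flows, reputation, confirmed, rate=0.5):
    """Assumed rule: move reputation toward agreement with operator verdicts."""
    new = {}
    for name, agent in AGENTS.items():
        scores = agent(flows)
        agreement = sum(1 - abs(scores[s] - truth) for s, truth in confirmed.items())
        new[name] = (1 - rate) * reputation[name] + rate * agreement / len(confirmed)
    return new
```

With equal reputations the busy but benign HTTPS host 10.0.0.7 scores about 0.34; after the operator confirms 10.0.0.5 as an attack and 10.0.0.7 as benign, the volume agent's reputation drops and that score falls to about 0.21.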

Achievements

The project results are now being used by companies that emerged from the academic environment (INVEA-TECH and AdvaICT from Masaryk University, and Cognitive Security from the Czech Technical University in Prague). The project arose from cooperation with the United States Army (Command Center for Science, Research and Engineering).

IDENTIFICATION CODE
N62558-07-C-0001