# Monday 15/12, 14:00 - Seminar “Gathering Threat Intelligence from Encrypted Network Traffic”, Prof. Ondřej Ryšavý, Brno University of Technology (BUT), Czech Republic.

We are pleased to invite you to the talk to be given by Prof. Ondřej Ryšavý, who is visiting us from the Brno University of Technology (BUT) in the Czech Republic.

This visit takes place within the framework of an active cooperation between BUT and the DC/ICC on computer security topics (though not exclusively), so this seminar is also an opportunity for researchers, teaching staff and students who wish to join the ongoing initiatives.

🗓 Monday, December 15

🕑 14:00

📍 Room 1606, Pabellón 0+infinito, Ciudad Universitaria, Buenos Aires, Argentina. geo:-34.54396,-58.44038?z=16

🌐 Language: English.

Title: Gathering Threat Intelligence from Encrypted Network Traffic

Abstract: Encrypted communication now dominates network environments, reducing the visibility of defenders and demanding new approaches that derive security intelligence without decrypting content. This presentation unifies three complementary research directions into a single, end-to-end framework for threat identification, behavior profiling, and malware attribution.

First, it introduces a privacy-preserving methodology for latent behavior modeling of TLS traffic. This methodology uses autoencoder-based profiling, extended flow-level metadata, and federated learning for distributed training across sites. The results demonstrate that encrypted traffic can be characterized statistically and semantically without access to the payload, enabling scalable anomaly detection while reducing the risk of data exposure. The second part focuses on threat detection through IoC-driven context enrichment. In this approach, Indicators of Activity (IoAs) extracted from hosts are matched against fuzzy IoC sets derived from malware. This enables family-level correlation, threshold-based scoring, and experimentation in semi-controlled infected environments. Lastly, the presentation explores JA3/JA4+ TLS fingerprinting as a higher-resolution layer for application and malware discrimination. An experimental evaluation using sandbox-generated datasets reveals patterns of uniqueness, coverage, and collisions across multiple malware families and benign applications. This demonstrates how fingerprinting can facilitate attribution and classification in encrypted networks.

Short Bio:
Ondřej Ryšavý is an associate professor at Brno University of Technology who specializes in network security monitoring, threat intelligence, and digital forensics. His research focuses on advanced methods for analyzing network telemetry, detecting cyber threats in encrypted traffic, and enhancing forensic readiness in modern infrastructures. He has served as both a principal and co-investigator on numerous international and national research initiatives, contributing to the development of innovative cybersecurity tools, threat hunting methodologies, and privacy-aware analytics.

#FITVUT #FITBUT #VUTBrno #FITVUTBrno #FITBUTBrno #ThreatIntelligence #SeguridadInformática #NetworkIntelligence #NetworkSecurity #cybersecurity #ThreatHunting #UBA #DCUBA #ICCUBA #DCFCENUBA #FCENUBA #ComputaciónUBA #ICCFCENUBA #inteligencia #InteligenciaDeAmenazas #BuenosAires #Argentina #CiudadUniversitariaUBA #CiudadUniversitariaBuenosAires #seminario #charla #cooperaciónInternacional #investigación #CienciasDeLaComputación #ComputerScience
