Carlos Alberto M. S. Teles, Carlos Roberto Gonçalves Viana Filho, Felipe da Rocha Henriques
Information security is gradually becoming an area that plays an important role in our daily lives, as information and communications technology (ICT) assets grow within increasingly connected environments. More and more members of society have their data leaked because of information security flaws in both the hardware and the software of ICT assets. To identify failures of ICT assets through the detection of malicious traffic, this chapter proposes a black-box-based framework for detecting malicious traffic. The black-box method allows the network to be monitored without access to software or hardware details. In the proposed framework, information security alerts and network resource usage are used together in order to provide a reliable detection of malicious traffic. First, the authors collected network traffic information, generating a dataset from open source networking tools. The proposed detection scheme can identify risks and threats such as malware, suspicious traffic, and others. The scheme was validated by verifying the correlation between network security alerts and network resource usage.
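The validation step described above, correlating security alerts with resource usage over time, can be illustrated with a small added example that is not part of the chapter and does not use its dataset. The code below assumes two constructed inputs, "timestamp|signature" alert lines and "timestamp|bytes" flow records, bins both per minute, computes the Pearson correlation between alert counts and byte volume, and flags only those windows where both signals agree; the input formats, function names and the median-based threshold are assumptions made for this example.

```python
"""Correlate per-minute IDS alert counts with per-minute traffic volume and
flag the windows where both signals agree. Added example; the input formats
and the functions here are assumptions, not the chapter's own framework."""
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median
import math

# Constructed sample inputs (not real captures): "timestamp|signature" alert
# lines and "timestamp|bytes" flow records covering five minutes.
ALERT_LOG = """\
2024-01-01T10:01:12|SCAN portsweep
2024-01-01T10:03:02|MALWARE beacon
2024-01-01T10:03:15|MALWARE beacon
2024-01-01T10:03:40|SCAN portsweep
2024-01-01T10:03:55|MALWARE beacon
2024-01-01T10:04:10|MALWARE beacon
2024-01-01T10:04:20|MALWARE beacon
2024-01-01T10:04:31|MALWARE beacon
2024-01-01T10:04:45|SCAN portsweep
2024-01-01T10:04:50|MALWARE beacon
2024-01-01T10:04:58|MALWARE beacon
"""

FLOW_LOG = """\
2024-01-01T10:00:10|600
2024-01-01T10:00:40|400
2024-01-01T10:01:05|700
2024-01-01T10:01:50|500
2024-01-01T10:02:30|900
2024-01-01T10:03:10|2000
2024-01-01T10:03:45|3000
2024-01-01T10:04:05|3500
2024-01-01T10:04:35|4500
"""


def minute_key(timestamp: str) -> str:
    """Truncate an ISO-8601 timestamp to its minute, e.g. 2024-01-01T10:03."""
    return datetime.fromisoformat(timestamp).strftime("%Y-%m-%dT%H:%M")


def alerts_per_minute(text: str) -> dict:
    """Count alert lines per one-minute window."""
    counts = Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, _signature = line.split("|", 1)
        counts[minute_key(ts)] += 1
    return dict(counts)


def bytes_per_minute(text: str) -> dict:
    """Sum flow bytes per one-minute window."""
    totals = defaultdict(int)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, nbytes = line.split("|", 1)
        totals[minute_key(ts)] += int(nbytes)
    return dict(totals)


def align(alerts: dict, flows: dict):
    """Return (windows, alert_counts, byte_totals) over the union of windows,
    filling windows that one source lacks with zero."""
    windows = sorted(set(alerts) | set(flows))
    return (windows,
            [alerts.get(w, 0) for w in windows],
            [flows.get(w, 0) for w in windows])


def pearson(xs, ys) -> float:
    """Pearson correlation coefficient; 0.0 when either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / math.sqrt(vx * vy)


def correlate(alert_text: str, flow_text: str) -> float:
    """Correlation between per-minute alert counts and per-minute bytes."""
    _windows, xs, ys = align(alerts_per_minute(alert_text), bytes_per_minute(flow_text))
    return pearson(xs, ys)


def flag_windows(alert_text: str, flow_text: str, factor: float = 2.0) -> list:
    """Windows with at least one alert AND byte volume above factor * median.
    A lone alert during normal usage, or a traffic spike without alerts, is
    not flagged: the two signals have to agree (assumed rule for this example)."""
    windows, xs, ys = align(alerts_per_minute(alert_text), bytes_per_minute(flow_text))
    baseline = median(ys) * factor
    return [w for w, a, b in zip(windows, xs, ys) if a > 0 and b > baseline]


if __name__ == "__main__":
    print(f"Pearson r(alerts, bytes) = {correlate(ALERT_LOG, FLOW_LOG):.3f}")
    print("Windows flagged:", flag_windows(ALERT_LOG, FLOW_LOG))
```

On the constructed data the single alert at 10:01 coincides with ordinary traffic volume and is not flagged, while the 10:03 and 10:04 windows carry both a burst of alerts and several times the median byte volume; the per-minute bin size and the factor of two are tuning choices that would be set from the baseline of the monitored network.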