Ústav informačních systémů
Recent Submissions
- A Multi-Dimensional DNS Domain Intelligence Dataset for Cybersecurity Research (2026-01-01)
  Hranický, Radek; Ondryáš, Ondřej; Horák, Adam; Pouč, Petr; Jeřábek, Kamil; Ebert, Tomáš; Polišenský, Jan
  The escalating sophistication and frequency of cyber threats require advanced solutions in cybersecurity research. Particularly, phishing and malware detection have become increasingly reliant on data-driven approaches. This paper presents a unique dataset precisely curated to bolster research in network security, focusing on the classification and analysis of internet domains. This dataset contains information for over a million internet domains with detailed labels distinguishing between phishing, malware, and benign traffic. Our dataset is distinctive due to its comprehensive compilation of metainformation derived from multiple sources, including DNS records, TLS handshakes and certificates, WHOIS and RDAP services, IP-related data, and geolocation details. Such rich, multi-dimensional data allows for a deeper analysis and understanding of domain characteristics that are critical in identifying and categorizing cyber threats. The integration of information from diverse sources enhances the dataset's utility, providing a holistic view of each domain's footprint and its potential security implications. The data is formatted in JSON, ensuring versatility, accessibility for researchers, and easy integration into various analytical tools and platforms, facilitating ease of use in statistical analysis, machine learning, and other computational analyses. Our dataset's extensive volume and variety surpass any known publicly available resources in this field, making it an invaluable asset for both academic and practical development and testing of cybersecurity solutions. This paper thoroughly describes the value of the data, details the comprehensive methodology employed in the collection process, and provides a clear description of the data structure. Such documentation is crucial for ensuring that the dataset can be effectively utilized and reapplied in a variety of research contexts. Its structured format and the broad range of included features are critical for developing robust cybersecurity solutions and can be adapted for emerging threats.
- Developers’ Insight on Manifest v3 Privacy and Security Webextensions (SCITEPRESS – Science and Technology Publications, Lda., 2025-10-21)
  Polčák, Libor; Maone, Giorgio; McMahon, Michael; Bednář, Martin
  Webextensions can improve web browser privacy, security, and user experience. The APIs offered by the browser to webextensions affect possible functionality. Currently, Chrome transitions to a modified set of APIs called Manifest v3. This paper studies the challenges and opportunities of Manifest v3 with an in-depth structured qualitative research. Even though some projects observed positive effects, a majority express concerns over limited benefits to users, removal of crucial APIs, or the need to find workarounds. Our findings indicate that the transition affects different types of webextensions differently; some can migrate without losing functionality, while others remove functionality or decline to update. The respondents identified several critical missing APIs, including reliable APIs to inject content scripts, APIs for storing confidential content, and others.
- Comparison of Fungal Thermophilic and Mesophilic Catalase-Peroxidases for Their Antioxidative Properties (MDPI, 2023-07-04)
  Poljovka, Andrej; Musil, Miloš; Bednář, David; Chovanová, Katarína; Bauerová-Hlinková, Vladena; Bellová, Jana; Kohútová, Lenka; Baráth, Peter; Zámocký, Marcel
  Catalase-peroxidases (KatGs) are unique bifunctional oxidoreductases that contain heme in their active centers allowing both the peroxidatic and catalatic reaction modes. These originally bacterial enzymes are broadly distributed among various fungi allowing them to cope with reactive oxygen species present in the environment or inside the cells. We used various biophysical, biochemical, and bioinformatics methods to investigate differences between catalase-peroxidases originating in thermophilic and mesophilic fungi from different habitats. Our results indicate that the architecture of the active center with a specific post-translational modification is highly similar in mesophilic and thermophilic KatG and also the peroxidatic activity with ABTS, guaiacol, and L-DOPA. However, only the thermophilic variant CthedisKatG reveals increased manganese peroxidase activity at elevated temperatures. The catalatic activity releasing molecular oxygen is comparable between CthedisKatG and mesophilic MagKatG1 over a broad temperature range. Two constructed point mutations in the active center were performed selectively blocking the formation of described post-translational modification in the active center. They exhibited a total loss of catalatic activity and changes in the peroxidatic activity. Our results indicate the capacity of bifunctional heme enzymes in the variable reactivity for potential biotech applications.
- Comparative Analysis of DNS over HTTPS Detectors (Elsevier, 2024-04-20)
  Jeřábek, Kamil; Hynek, Karel; Ryšavý, Ondřej
  DNS over HTTPS (DoH) is a protocol that encrypts DNS traffic to improve user privacy and security. However, its use also poses challenges for network operators and security analysts who need to detect and monitor network traffic for security purposes. Therefore, there are multiple DoH detection proposals that leverage machine learning to identify DoH connections; however, these proposals were often tested on different datasets, and their evaluation methodologies were not consistent enough to allow direct performance comparison. In this study, seven DoH detection proposals were recreated and evaluated with six different experiments to answer research questions that targeted specific deployment scenarios concerning ML-model transferability, usability, and longevity. For thorough testing, a large Collection of DoH datasets along with a novel 5-week dataset was used, which enabled the evaluation of models’ longevity. This study provides insights into the current state of DoH detection techniques and evaluates the models in scenarios that have not been previously tested. Therefore, this paper goes beyond classical replication studies and shows previously unknown properties of seven published DoH detectors.
- Towards identification of network applications in encrypted traffic (Springer Nature, 2025-09-03)
  Burgetová, Ivana; Matoušek, Petr; Ryšavý, Ondřej
  Network traffic monitoring for security threat detection and network performance management is challenging due to the encryption of most communications. This article addresses the problem of identifying network applications associated with Transport Layer Security (TLS) connections. The evaluation of three primary approaches to classifying TLS-encrypted traffic was carried out: fingerprinting methods, Server Name Indication (SNI)-based identification, and machine learning-based classifiers. Each method has its own strengths and limitations: fingerprinting relies on a regularly updated database of known hashes, SNI is vulnerable to obfuscation or missing information, and AI techniques such as machine learning require sufficient labeled training data. A comparison of these methods highlights the challenges of identifying individual applications, as the TLS properties are significantly shared between applications. Nevertheless, even when identifying a collection of candidate applications, a valuable insight into network monitoring can be gained, and this can be achieved with high accuracy by all the methods considered. To facilitate further research in this area, a novel publicly available dataset of TLS communications has been created, with the communications annotated for popular desktop and mobile applications. Furthermore, the results of three different approaches to refine TLS traffic classification based on a combination of basic classifiers and context are presented. Finally, practical use cases are proposed, and future research directions are identified to further improve application identification methods.
