National Repository of Grey Literature: 44 records found, showing 1 - 10
Detection of Slow HTTP DoS Attacks
Jakubíček, Patrik ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
This thesis deals with the detection of the Slowloris attack. Based on the findings, a detection module for the Nemea system is implemented. It analyzes flow records and performs attack detection. Tests have verified that the module can work in real deployment and detect the Slowloris attack quite successfully.
Network Traffic Analysis Based on Sketches
Dřevo, Aleš ; Kekely, Lukáš (referee) ; Bartoš, Václav (advisor)
The aim of this thesis is to create a program for network traffic analysis and for detection of anomalies in the traffic. The Heavy-Changes Detection technique, which falls within the data stream algorithm category, is used to do so. Special structures called sketches are used for data processing. These structures are capable of maintaining large amounts of data with low memory consumption. Programs from the Nemea system, for which this project is created, are used for gathering the necessary network data.
Entropy Measurement in Internet Communication
Stejskal, David ; Bartoš, Václav (referee) ; Puš, Viktor (advisor)
This work focuses on entropy measurement in Internet protocols. It explains a way of measuring entropy and its application on protocols and their fields. Results are listed and discussed. Also an effort is made to try and identify current trends in communication.
Reputation of Malicious Traffic Sources
Bartoš, Václav ; Lhotka, Ladislav (referee) ; Vozňák, Miroslav (referee) ; Kořenek, Jan (advisor)
An important part of maintaining network security is collecting and processing information about cyber threats, both from the network operator's own detection tools and from third parties. A commonly used type of such information is lists of network entities (IP addresses, domains, URLs, etc.) which were identified as malicious. However, in many cases, the simple binary distinction between malicious and non-malicious entities is not sufficient. It is beneficial to keep other supplementary information for each entity, which describes its malicious activities, and also a summarizing score, which evaluates its reputation numerically. Such a score allows for quick comprehension of the level of threat the entity poses and allows entities to be compared and sorted. The goal of this work is to design a method for such summarization. The resulting score, called Future Maliciousness Probability (FMP score), is a value between 0 and 1, assigned to each suspicious network entity, expressing the probability that the entity will do some kind of malicious activity in the near future. Therefore, the scoring is based on prediction of future attacks. Advanced machine learning methods are used to perform the prediction. Their input is formed by previously received alerts about security events and other relevant data related to the entity. The method of computing the score is first described in a general way, usable for any kind of entity and input data. Then a more concrete version is presented for scoring IPv4 addresses by utilizing alerts from an alert sharing system and supplementary data from a reputation database. This variant is then evaluated on a real-world dataset. In order to get a sufficient amount and quality of data for this dataset, a part of the work is also dedicated to the area of security analysis of network data. A framework for analysis of flow data, NEMEA, and several new detection methods are designed and implemented. An open reputation database, NERD, is also implemented and described in this work. Data from these systems are then used to evaluate the precision of the predictor as well as to evaluate selected use cases of the scoring method.
Mobile Application for Network Scanning
Teuchner, Marek ; Bartoš, Václav (referee) ; Kováčik, Michal (advisor)
The subject of this bachelor's thesis is to design and implement an application for the Android operating system that allows the discovery of all connected devices in a local network and displays information about the network and all of its devices. The application allows the user to assign a custom icon and a note to each device within the network. Logs and statistics are also collected by the application. In addition, it is possible to attack the selected device using various Denial of Service attacks.
Extraction of Available Information from SSH Protocol Headers
Ďurčanský, Norbert ; Bartoš, Václav (referee) ; Kořenek, Jan (advisor)
This paper analyzes the extraction of available information from the SSH protocol. To achieve this aim, knowledge about the SSH protocol was used to implement a plugin for the FlowMon exporter. The plugin was tested on a real network and validated in terms of stability, efficiency and accuracy. The resulting plugin allows information to be extracted from the SSH protocol and further analyzed without decryption of the traffic.
IP Address Activity Monitoring
Pilátová, Kateřina ; Krobot, Pavel (referee) ; Bartoš, Václav (advisor)
Recently, the volume of data transferred over networks has been steadily increasing. To speed up searching through the data, a suitable way of indexing it is needed. This bachelor's thesis deals with this problem, specifically with storing and searching data in order to determine the activity of communicating IP addresses. The goal of this thesis is to design and implement a system for efficient long-term storage and visualization of IP address activity. Activity means whether a given address generated traffic in a given interval or not, so it can be represented by a single bit, which reduces the volume of data to be searched. The resulting system consists of a backend that monitors traffic and stores activity records in storage and their parameters in a configuration file. It also includes a web server that reads the data based on user requests and visualizes it in the form of images. The user can specify an area of the data to examine in more detail using an interactive web interface.
Aggregation of Security Incident Reports
Kapičák, Daniel ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
In this thesis, I present an analysis of security incident reports in the IDEA format from Mentat, and the design and implementation of methods for their aggregation and correlation. In the data analysis, I show the huge diversity of security reports. Next, I show the design of a simple framework and a system of templates. This framework and system of templates simplify the design and implementation of aggregation and correlation methods. Finally, I evaluate the designed methods using Mentat database dumps. The results showed that the designed methods can reduce the number of security reports by up to 90% without loss of any significant information.
DNS Amplification Attack Detection Using Passive DNS Analysis
Míšaný, Daniel ; Bartoš, Václav (referee) ; Kováčik, Michal (advisor)
This thesis is focused on the analysis and detection of the DNS Amplification attack, which is a type of DoS attack. The introduction of this thesis covers fundamental theory involving computer networks, DNS and DoS attacks. The main part of the work deals with the analysis of the DNS Amplification attack and the design and implementation of a detection tool in the C++ programming language. The conclusion is devoted to analyzing the results of the detection tool.
Mobile Application for Capturing and Monitoring of DNS Traffic
Spurný, František ; Bartoš, Václav (referee) ; Kováčik, Michal (advisor)
The subject of this thesis is the design and implementation of an application for the Android system that captures and monitors DNS network traffic and also allows PCAP files to be loaded. Independently of the input, the application gives the option to clearly show the data of individual network traffic packets. Captured data can also be saved to PCAP files, which can later be opened with this application.
