National Repository of Grey Literature: 63 records found, showing 1 - 10
Detection of attacks targeted at web applications
Jégrová, Eliška ; Gerlich, Tomáš (referee) ; Martinásek, Zdeněk (advisor)
This thesis deals with vulnerabilities of web applications. The aim of the work is to create tools for detecting specific attacks, namely Same Origin Method Execution (SOME), XML Signature Wrapping, XPath Injection, HTTP Response Smuggling and Server-Side Includes (SSI) injection. Another aim is to create logs that display detected attacks. The first part analyzes the theory and describes the vulnerabilities behind the chosen attacks, including how they are misused. The next part implements web applications that contain the vulnerabilities needed for the attacks to succeed. Finally, detection methods for these attacks are designed and developed in Python, each accompanied by a log entry.
Electric meter simulator with DLMS protocol
Tsymbal, Kateryna ; Gerlich, Tomáš (referee) ; Lieskovan, Tomáš (advisor)
This bachelor thesis is focused on getting acquainted with the DLMS/COSEM protocol and its functions. Furthermore, the Java programming language and the Raspberry Pi minicomputer are briefly introduced. The DLMS/COSEM protocol is used to simulate measurements using a smart meter, which ensures communication between the meter simulator and the concentrator. Communication provided by the DLMS/COSEM protocol is widely used in smart grids. The first part of the thesis discusses important information about energy networks and their relationship with smart meters, the importance of smart meters in modern networks and the role of smart networks, which are used for effective energy measurement in a particular area (e.g. for measuring electricity). Data measured in smart grids can be easily analyzed and used to make consumption more effective. The first part also mentions important information about the DLMS/COSEM protocol, the Java programming language and the Raspberry Pi minicomputer. In the second part of the thesis, a test environment is created for testing the smart meter simulator, which communicates using the DLMS/COSEM protocol with the concentrator and transmits the measured values to it. Measured values are manually defined for testing purposes using code changes in the Eclipse IDE. The aim of the work was to create a smart meter simulator that lists predefined values and passes them to the concentrator, which was achieved using the Gurux.DLMS library. Finally, an analysis of this communication was performed using Wireshark. This bachelor thesis is useful for a simple understanding of the DLMS/COSEM protocol and its use in smart grids.
Generator of low-rate DoS attacks
Kaiser, Michal ; Gerlich, Tomáš (referee) ; Sikora, Marek (advisor)
The bachelor thesis focuses on the implementation and issues of low-rate DoS attacks; based on the information gathered while preparing the thesis, low-rate DoS attack generators called NewShrew and LoRDAS are constructed. The reader is introduced to the general issues of DoS attacks, how they operate, and how they exploit network communication. These basic attacks are then divided according to their network flow characteristics, and low-rate attacks are described in more detail. After the theoretical introduction, the NewShrew and LoRDAS attacks are described. Subsequently, methods for detecting them and defense techniques are introduced. Generators of these attacks are implemented in the Python programming language, and the attacks are then tested on test networks. The results of the thesis are NewShrew and LoRDAS DoS attacks that attempt to make a web server inaccessible, findings on the correct settings of the attacks, and a proposed detection and prevention system.
Detection of attacks on the L2 layer
Štefánik, Jaromír ; Martinásek, Zdeněk (referee) ; Gerlich, Tomáš (advisor)
This bachelor thesis focuses on cyber attacks on the second layer of the OSI reference model, namely DHCP starvation, MAC flooding and eavesdropping. The first, theoretical part covers the OSI model, types of cyber attacks and the methods used by cybercriminals (attackers). In the practical part, an experimental workplace (a local network) was set up, the attacks were carried out, detection algorithms for the given attacks were theoretically designed, and programs to detect these attacks were created.
Detection and mitigation of cyber attacks at local area networks
Racka, Jan ; Lieskovan, Tomáš (referee) ; Gerlich, Tomáš (advisor)
The bachelor thesis is focused on the detection and mitigation of flood attacks in local area networks. The thesis can be divided into two parts. In the theoretical part, first flooding attacks are described. Then, the problem of attack detection is discussed in depth, including the implemented detection methods. Subsequently, the classification of detection tools by location is discussed and examples of detection tools are given. The last theoretical section is devoted to network mapping methods and topology detection tools. In the practical part, the design of the IDS and the test network is discussed. The network consists of three end devices namely: the IDS, the victim and the attacker. A Mikrotik router is used to ensure connectivity between all the devices. The IDS has been implemented in Python and is composed of individual modules that extend its functionality. The most important module is the detection module, which contains detection methods against SYN Flood, UDP Flood, ICMP Flood attacks and one universal comprehensive method against all flood attacks. The ARP Scan module allowed the IDS to map the network and use ARP queries to detect the presence of endpoint devices in the network. The learning module made it easier to set up rules for each detection method by monitoring network traffic over a period of time. It then determines appropriate rule values from the detected data. The SSH module provided IDS with the ability to proactively respond to attacks and disconnect the attacker from the rest of the network. ARP Scans also use the SSH module to discover information about guests. The IDS has been tested in both virtual and real environments. The results show that the developed detection methods work and the IDS can stop the attack in a reasonable time. ARP Scanning was also tested and was able to detect new guests on average in the first pass. The effect of IDS on communication was also monitored and found to be minimal.
Fuzzer Based on Genetic Programming
Závada, Tomáš ; Gerlich, Tomáš (referee) ; Ilgner, Petr (advisor)
The thesis focuses on testing, discusses its various approaches, and concentrates on the automated testing technique called fuzzing. It discusses the fuzzing process, its advantages and disadvantages, and some possible improvements. The work then focuses specifically on improving fuzzing with genetic algorithms. Genetic algorithms help create more appropriate test inputs, saving time during the testing process while achieving appropriate results. A server using the DLMS/COSEM standard was chosen as the testing target. The thesis also introduces the DLMS protocol, which provides communication between clients and servers, and other essentials falling under the COSEM specification. It then describes the assembly of a test network containing a server and a client that communicate using this standard. The thesis also proposes how the testing tool could be connected to the network. Finally, it includes the implementation of a fuzzer that uses genetic algorithms to generate test data.
Application for automated power trace measurement
Karabina, Lukáš ; Lieskovan, Tomáš (referee) ; Gerlich, Tomáš (advisor)
This master's thesis focuses on providing information for the design and implementation of an application for automated power trace measurement. The first and second sections summarise the findings on the actual measurement of power consumption and the use of the results in analysing the robustness of cryptographic systems against side-channel attacks. These sections present several methods that can be used in such an analysis. A section on the devices with which the application will communicate is also included. The practical part deals with the actual design and development of the application. The design patterns used and the procedures by which the application is created are presented. The individual subsections further describe the actual development, implementation, testing and associated problems.
Countermeasures of power analysis
Gerlich, Tomáš ; Malina, Lukáš (referee) ; Martinásek, Zdeněk (advisor)
Side channels affect the security of cryptographic systems, so it is necessary to focus on the implementation of the algorithm. The work begins with a basic classification of side channels. The following chapter describes types of countermeasures against side-channel attacks, with the most emphasis on masking, because it can be implemented on existing cryptosystems. Masking techniques are introduced in the next chapter, which describes their method of masking, their treatment of the cipher and their resistance against attack. The practical part describes measurements that attempt to record the power consumption of a microcontroller. The measurement was designed primarily to examine information leakage through the power side channel.
Detection of denial of service attacks
Gerlich, Tomáš ; Malina, Lukáš (referee) ; Martinásek, Zdeněk (advisor)
This master's thesis focuses on intrusion detection for denial-of-service attacks. Distributed DoS attacks are a threat to all users on the Internet, so intrusion detection and intrusion prevention systems are deployed against them. The theoretical part describes DoS attacks and their most frequently used variants. It also covers approaches to detecting DoS attacks and describes the tools most frequently used to detect DDoS attacks. The practical part deals with deploying software tools for detecting DDoS attacks and generating traffic to test the detection abilities of these tools.
Detection of Cyber Attacks in Local Networks
Sasák, Libor ; Gerlich, Tomáš (referee) ; Malina, Lukáš (advisor)
This bachelor thesis focuses on the detection of attacks in the local network and the use of open source tools for this purpose. The first chapter deals with cyber attacks and also describes some of them. The second chapter focuses primarily on intrusion detection systems in general and also mentions and describes some open source systems. The third chapter briefly deals with the general division of attack detection methods. The fourth chapter introduces and describes the selected tool Suricata, which is also tested in the fifth chapter in the detection of various attacks, during which the behaviour and output of this tool are tracked. In the sixth chapter, the ARPwatch tool is presented and tested for ARP spoofing attack detection. The seventh and eighth chapters deal with the design and successful implementation of an attack detection system that provides output in the form of logs indicating malicious or suspicious traffic on the network. The ninth chapter deals with the design and implementation of the application with a graphical user interface, which clearly presents the mentioned logs and also allows other operations, including the essential control of the detection tools.
