|
|
Detection of Security Incidents in Hospital Computer Network
Pisk, Jiří ; Ryšavý, Ondřej (referee) ; Matoušek, Petr (advisor)
This work explores honeypots as an early threat detection system in the production network of Jihlava hospital, analysis of the data collected from those honeypots as well as a comparison of currently available solutions for honeypot deployment. As part of the practical section multiple instances of TPot (an open source honeypot platform) are deployed as well as one instance serving as a monitor for the whole system. This implementation is then tested using automated penetration testing tools and the results used to design and implement automatic alerts to detected incidents.
|
|
|
Application Protocols Identification
Chomo, Tomáš ; Ryšavý, Ondřej (referee) ; Pluskal, Jan (advisor)
Digital forensic analysis applies methodical series of techniques and procedures used to gather evidence, from computer device and present it in meaningful format. This thesis is dealing with identification of application protocols with help of machine learning and statistical methods. Further thesis explain attempts to improve detection skills with help of process called Feature Engineering. Feature Engineering is process of creating set of features that will help us to characterise network traffic. Paper contains testing of actual implementation of agent Netfox Detective which uses those two methods Paper is comparing those two methods and extends the implementation with effort to improve detection skills of a Netfox Detective agent.
|
|
|
ZigBee Module for Logo MindStorm Platform
Kočár, Darius ; Ryšavý, Ondřej (referee) ; Ráb, Jaroslav (advisor)
The goal of this thesis is extending Lego Mindstorm platform with ZigBee modul. This extension will enable remote control of robots motors. Further is comparsion between designed solution and already embeded Bluetooth. It is preceded by analysis of communication requirements and protokol designing. Further is evaluation of NXT Brics predefined communication abilities and ZigBee modules capabilities.
|
|
|
A Tool for Network Traffic Classification Based on Deep Packet Inspection
Schoffer, Pavel ; Ráb, Jaroslav (referee) ; Ryšavý, Ondřej (advisor)
This work deals with design of an experimental tool for deep packet inspection based on Microsoft Network Monitor. This tool enables packet dissecting based on protocol specifications written in Network Protocol Language (NPL). The present work demonstrates how NPL specifications can be used for implementing various deep packet inspection methods. The implemented software tool consumes captured traffic and produces flow-based data in AppFlow format. The implementation of the tool was evaluated using a data set containing various captured traffic. Based on the results it can be concluded that this methods is mainly suitable for off-line analysis because of time relatively large demands.
|
|
|
Network Forensics Tools Survey and Taxonomy
Zembjaková, Martina ; Ryšavý, Ondřej (referee) ; Pluskal, Jan (advisor)
Táto diplomová práca sa zaoberá prieskumom a taxonómiou sieťových forenzných nástrojov. Popisuje základné informácie o sieťovej forenznej analýze, vrátane procesných modelov, techník a zdrojov dát používaných pri forenznej analýze. Ďalej práca obsahuje prieskum existujúcich taxonómií sieťových forenzných nástrojov vrátane ich porovnania, na ktorý naväzuje prieskum sieťových forenzných nástrojov. Diskutované sieťové nástroje obsahujú okrem nástrojov spomenutých v prieskume taxonómií aj niektoré ďalšie sieťové nástroje. Následne sú v práci detailne popísané a porovnané datasety, ktoré sú podkladom pre analýzu jednotlivými sieťovými nástrojmi. Podľa získaných informácií z vykonaných prieskumov sú navrhnuté časté prípady použitia a nástroje sú demonštrované v rámci popisu jednotlivých prípadov použitia. Na demonštrovanie nástrojov sú okrem verejne dostupných datasetov použité aj novo vytvorené datasety, ktoré sú detailne popísane vo vlastnej kapitole. Na základe získaných informácií je navrhnutá nová taxonómia, ktorá je založená na prípadoch použitia nástrojov na rozdiel od ostatných taxonómií založených na NFAT a NSM nástrojoch, uživateľskom rozhraní, zachytávaní dát, analýze, či type forenznej analýzy.
|
|
| |
|
| |
|
|
Correlating IPFIX Records of Proxy Server Traffic
Krůl, Michal ; Jeřábek, Kamil (referee) ; Ryšavý, Ondřej (advisor)
This thesis elabortes the problem of correlation of the network flow records. It tries to find solution, which would allow to automatically correlate flows from both sides of the proxy server. For this purpose, a dataset containing captured network traffic is created, which then serves as a base for analysis. Based on the results of the analysis a solution is presented, which is consequently tested and discussed.
|
|
|
Web Traffic Analysis and Reconstruction
Olbert, Jakub ; Ryšavý, Ondřej (referee) ; Veselý, Vladimír (advisor)
The project describes the problems of reconstruction and analysis of web traffic. The main goal of this project is to study theoretical background and to create a design of the reconstruction tool. The tool does reconstruction of the web traffic based on captured network data. Output of the reconstruction process is intended for later visualization. Main usage of this tool is expected at the law enforcing agencies dealing with Internet crime.
|
|
|
Simulation of EIGRP Protocol Behavior Using OMNeT++
Tlolka, Martin ; Matoušek, Petr (referee) ; Ryšavý, Ondřej (advisor)
The present thesis deals with the analysis of EIGRP routing protocol for the purpose of integration of EIGRP simulation model in OMNeT++ environment. Protocol EIGRP defined by Cisco Systems is proprietary, which represents an obstacle in the implementation of a simulation model. In the present work, the description of a behavior of the protocol resembled from available information sources is given and then refined according the results obtained from experiments done with real network devices. The contribution of the work consists of a description of protocol behaviors in basics situations and the identification of properties that the simulation model should comply with.
|
guest ::
