|
|
Network probe module for industrial protocol analysis
Srovnal, Dominik ; Pospíšil, Ondřej (referee) ; Blažek, Petr (advisor)
Industrial networks are often the target of attacks, which need to be adequately responded to. Therefore, it is necessary to prevent these attacks from the outset through protection and prevention. Such protection is provided by intrusion detection and prevention systems, which are capable of preventing unwanted intrusions, based on those modules. As attacks become more and more sophisticated, it is essential that these modules are continuously developed and got proposed in new, safer measures. The theoretical part describes industrial protocols (IEC 61850, IEC 60870, Ethernet/IP and S7). The practical part focuses on the creation of a module for the analysis of the industrial protocol S7. Furthermore, the paper describes possible attacks on the S7 protocol and proposes rules for detecting these attacks using the Suricata module.
|
|
|
Machine Learning from Intrusion Detection Systems
Dostál, Michal ; Očenášek, Pavel (referee) ; Hranický, Radek (advisor)
The current state of intrusion detection tools is insufficient because they often operate based on static rules and fail to leverage the potential of artificial intelligence. The aim of this work is to enhance the open-source tool Snort with the capability to detect malicious network traffic using machine learning. To achieve a robust classifier, useful features of network traffic were choosed, extracted from the output data of the Snort application. Subsequently, these traffic features were enriched and labeled with corresponding events. Experiments demonstrate excellent results not only in classification accuracy on test data but also in processing speed. The proposed approach and the conducted experiments indicate that this new method could exhibit promising performance even when dealing with real-world data.
|
|
|
Network communication monitoring probe
Klečka, Jan ; Fujdiak, Radek (referee) ; Blažek, Petr (advisor)
Master thesis deals with analysis of single board PC which use Linux as operation system. Analysis of individual NIDS systems and examined their properties for choosing right candidate for single board computer which shall be used as network probe for analysis, filtering and logging of network traffic. Part of the work is aimed on development of a interface which is used for configuration of network probe through the web browser. Web interface allows perform basic operations over network probe which influence network traffic or specify, which information shall be logged. Subsequently network parsers were implemented for network protocols using the Scappy library. The conclusion of the thesis contains the design of the security cover for the device according to the IP54 requirements.
|
|
| |
|
|
Detection of denial of service attacks
Gerlich, Tomáš ; Malina, Lukáš (referee) ; Martinásek, Zdeněk (advisor)
Master's thesis is focused on intrusion detection for denied of service attacks. These distributed DoS attacks are threat for all users on the Internet, so there is deployment of intrusion detection and intrusion prevention systems against these attacks. The theoretical part describes the DoS attacks and its variants used most frequently. It also mentioned variants for detecting DoS attacks. There is also described, which tools are used to detect DDoS attacks most frequently. The practical part deals with the deployment of software tools for detecting DDoS attacks, and create traffic to test detection abilities of these tools.
|
|
|
Detection of Cyber Attacks in Local Networks
Sasák, Libor ; Gerlich, Tomáš (referee) ; Malina, Lukáš (advisor)
This bachelor thesis focuses on the detection of attacks in the local network and the use of open source tools for this purpose. The first chapter deals with cyber attacks and also describes some of them. The second chapter focuses primarily on intrusion detection systems in general and also mentions and describes some open source systems. The third chapter briefly deals with the general division of attack detection methods. The fourth chapter introduces and describes the selected tool Suricata, which is also tested in the fifth chapter in the detection of various attacks, during which the behaviour and output of this tool are tracked. In the sixth chapter, the ARPwatch tool is presented and tested for ARP spoofing attack detection. The seventh and eighth chapters deal with the design and successful implementation of an attack detection system that provides output in the form of logs indicating malicious or suspicious traffic on the network. The ninth chapter deals with the design and implementation of the application with a graphical user interface, which clearly presents the mentioned logs and also allows other operations, including the essential control of the detection tools.
|
|
|
System for the Protection against DoS Attacks Using IDS
Mjasojedov, Igor ; Fukač, Tomáš (referee) ; Kučera, Jan (advisor)
This bachelor's thesis deals with the use of the Intrusion Detection System in the protection of computer networks against Denial of Service attacks. Suricata is the IDS system chosen for this purpose. The main goal of the thesis is to integrate the Suricata system with the DDoS Protector device. DDoS Protector - DCPro is a security network device, which uses, from a software perspective, DPDK technology for high-speed network traffic processing. Due to this fact, this technology was also integrated into the Suricata system. After this integration, the communication between DDoS Protector and Suricata system was allowed more easily. As a result, two DPDK compatible regimes were created in the Suricata system. The individual regime allows Suricata to process network data directly from the network interface card. The second, integrated regime allows DCPro to send network data to the Suricata system for highly precise analysis, which significantly extends DDoS Protector's attack detection abilities.
|
|
|
Distributed denial of service filtering based on Mikrotik network devices
Rajj, Jakub ; Martinásek, Zdeněk (referee) ; Gerlich, Tomáš (advisor)
The bachelor thesis is focused on the issue of denial of service attacks. These types of attacks are still up to date, but are currently being used in their distributed form. The theoretical part of the thesis describes the basic mechanisms of attacks and the division of attacks. Also there are described the most famous type of attacks. The theoretical part also includes a description of how to respond to these attacks. Four basick methods are described (prevention, detection, identification and response), as well as intrusion detection and prevention systems (IDPS). The practical part deals with connection of intrusion detection system and router, for detection and filtration on said router.
|
|
|
Web application for displaying cyber attacks in local networks
Matušicová, Viktória ; Mikulec, Marek (referee) ; Safonov, Yehor (advisor)
The information sphere is constantly and rapidly developing. This expansion means an increase in the risks of the Internet use. Vulnerabilities and other threats are emerging that provide an opportunity for unauthorized users to penetrate the integrity of protected infrastructures. The main goal of the bachelor’s thesis is to create a tool that allows the system administrator to perform the analysis of end stations in the local network. With the help of the web application, the administrator is able to view all computer attacks performed on his computer infrastructure. That makes it possible for him to implement countermeasures which will improve performance and security of the entire infrastructure. From a theoretical point of view, the bachelor thesis is focused on the issue of computer attacks on the data layer and network layer of the ISO/OSI model. Subsequently, it is focused on the structure of workplace involvement and web application. In the last part the work is focused on the design of the web application and its integration into the experimental workplace. Emphasis during the practical part is placed on the implementation of the workplace and web application on the local network. The practical part is divided into two implementation groups. Initially the experimental workplace is implemented within the local network. Here the web application focuses on the development of the server side – working with databases. In the second phase of implementation the experimental workplace is transferred into a real form. Following application features are added: various graphical displays, filtering and a section for user settings. Large emphasis is placed onto the security of the entire application – login system, server and client configuration settings. After the experimental workplace is connected with the web application, the functionality of the entire solution is tested by three different computer attacks. At the end of the thesis a brief conclusion and summary of the bachelor’s thesis is established.
|
|
|
Laboratory task demonstrates Intrusion Protection System
Bronda, Samuel ; Malina, Lukáš (referee) ; Martinásek, Zdeněk (advisor)
This bachelor thesis is divided into two parts. The theoretical part describes security systems, various types of attacks and details of systems to protect computer networks. The practical part focuses on the workplace, where will operate IDS / IPS system Snort and Suricata, the necessary adjustments and simulation of attacks. The bachelor thesis also includes putting the system into real terms.
|
guest ::
