National Repository of Grey Literature: 37 records found (records 11 - 20)
IP Flow Filtration and Profiling
Sedlák, Michal ; Tisovčík, Peter (referee) ; Kučera, Jan (advisor)
This thesis addresses the problem of filtering and profiling IP flows, primarily data of IPFIX systems. Within the work, a general filtering component is designed and implemented, which aims to be sufficiently efficient and flexible for use in other projects related to IP flows. This component is then adapted to work with data in the IPFIX protocol format and integrated into the existing modular collector IPFIXcol2 in the form of plugins adding support for filtering of passing IPFIX data and their sorting into profiles.
System for Opening a Window Based on the Temperature and CO2 Concentration in the Room
Jůza, Tadeáš ; Bardonek, Petr (referee) ; Tisovčík, Peter (advisor)
The purpose of this work is to enable automated maintenance of fresh air in a room using automated ventilation, so that the smallest possible heat losses occur. The data from sensors of indoor and outdoor temperature, CO2, humidity, and window opening status have been collected and analyzed. Then a suitable algorithm has been selected to accomplish the required values. The program also contains an algorithm for predicting the system's behavior so the controlled appliances (window and heating) work together appropriately.
Traffic Analysis of Network Protocols Kerberos, NTLM, and SAML 2.0
Krůl, Michal ; Orsák, Michal (referee) ; Tisovčík, Peter (advisor)
This thesis deals with the analysis and detection of attacks carried out on authentication protocols in network environments such as those used in big corporations. The problem is examined in the light of netflow analysis. The main content of the thesis is a simulation of attacks targeting network architectures where authentication is served by the mentioned protocols, and an effort to detect these attacks by netflow monitoring. The outcome of this thesis is a draft of how to automatically detect the attacks carried out in the network structures, and a plugin for the exporter of the Flowmon probe, the product of the Flowmon Networks company, which will extract the information needed to perform the detection.
Mitigation of DDoS Attacks Using IDS/IPS
Litwora, Martin ; Tisovčík, Peter (referee) ; Kučera, Jan (advisor)
This bachelor's thesis focuses on the detection and mitigation of DDoS attacks (Distributed Denial of Service). The main goal is to analyze and practically verify the capabilities of various IDS/IPS, especially the open-source tool Suricata, to mitigate DDoS attacks. Three main DDoS attack groups are analyzed in this thesis. These groups are flood attacks, amplification attacks, and slow attacks. A set of rules has to be created for each attack type from these groups in order for Suricata to mitigate those DDoS attacks. This thesis also implements a set of tools and scripts to check the functionality and effectiveness of the created rules. These tools are used to generate selected DDoS attacks with different parameters. Testing took place in a virtual environment where special nodes had to be created which represent real subjects during a real DDoS attack. The set of tools and scripts was designed in a way that it can easily be used outside this virtual environment where it is possible to have larger network loads, various variants and combinations of systems, and more.
Dataset for Classification of Network Devices Using Machine Learning
Eis, Pavel ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
Automatic classification of devices in a computer network can be used for detection of anomalies in the network, and it also enables application of security policies per device type. The key to creating a device classifier is a quality data set, the public availability of which is low, and the creation of a new data set is difficult. The aim of this work is to create a tool that will enable automated annotation of a data set of network devices and to create a classifier of network devices that uses only basic data from network flows. The result of this work is a modular tool providing automated annotation of network devices using the ADiCT system of the Cesnet association, the search engines Shodan and Censys, information from PassiveDNS, TOR, WhoIs, a geolocation database and information from blacklists. Several classifiers are created based on the annotated data set; they classify network devices according to the services they use. The results of the work not only significantly simplify the process of creating new data sets of network devices, but also show a non-invasive approach to the classification of network devices.
Inference of DDoS Mitigation Rules
Belko, Erik ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
This thesis deals with DDoS attacks, their specific types and ways of mitigating them. The aim of the thesis is to propose a method for inferring a pattern from a packet payload for subsequent DDoS attack mitigation and implement it. The chosen method uses the partitioning of the packet payload into N-grams to infer the pattern. The method utilizes samples with data captured during legitimate traffic and during a DDoS attack. Other proposed methods are also described in the thesis and experiments are performed with the selected method over data of different sizes.
Automated Inference of User Interface for NETCONF Protocol
Man, Jakub ; Orsák, Michal (referee) ; Tisovčík, Peter (advisor)
This thesis focuses on creating a user-friendly graphical interface for devices communicating via the NETCONF protocol. A web-interface solution was chosen so that use is as simple as possible and, from the user's point of view, requires no additional installation. The work produced a user interface containing an extension system and a library for operations over the NETCONF protocol. The NETCONF library allows users to connect to devices, store device information in a database, connect to groups of devices using profiles, and modify device configuration. The extension system allows device manufacturers to provide users with a graphical interface that requires no additional user training, without having to develop an entire application.
Smart Home with the Third Party Sensors
Tisovčík, Peter ; Hujňák, Ondřej (referee) ; Viktorin, Jan (advisor)
The aim of this thesis was to become acquainted with selected wireless sensors that use the Z-Wave and OASiS protocols and to create a uniform interface for the BeeeOn system providing communication with the selected sensors. The theoretical part of the thesis describes sensors and USB devices that serve for communication with sensors or the operating system to which they are connected. In the practical part, the BeeeOn application was extended by a device manager which can support other communication protocols.
Data Sets for Network Security
Setinský, Jiří ; Hranický, Radek (referee) ; Tisovčík, Peter (advisor)
In network security, machine learning techniques are used to effectively detect anomalies and malware in network traffic. A quality dataset is needed to train a network classifier with high accuracy. The aim of this paper is to modify the dataset using machine learning techniques to improve the quality of the dataset, which will lead to training the model with a higher accuracy. The dataset is analyzed by a clustering algorithm and each cluster is characterized by a statistical description resulting from the attributes of the input dataset. The statistical description along with the information of the original classifier is used to compute the score. The score serves as a weight in the modification phase. Cluster analysis makes it possible to filter out the data that are important for training the final model. The proposed approach allows us to mitigate the redundancy of the dataset or to augment it with missing data. The result is a modification framework that is able to reduce the datasets or perform their aggregation in order to create a compact dataset that reflects the actual network traffic. Models were trained on the created datasets and achieved higher accuracy compared to the existing solution.
Information Fusion for Classification of Network Devices
Sedláček, Ondřej ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
This work is focused on solving information fusion when dealing with multiple data sources in computer network monitoring. A solution built on the concept of classification rules configured by experts is presented. Configuration is simplified using a designated configuration language interpreted by the solution. The classification rules enable coverage of diverse types of data. The result is given as a label from a specified taxonomy. Using a taxonomy maintains the different levels of detail between the data sources, even in the output label. The solution also uses the Dempster-Shafer theory for merging labels from different sources into a single output label. Results of experiments show that information fusion in this context does increase the accuracy of device classification. A process of rule optimization was developed based on testing and experiments with a dataset from a real network. The accuracy was increased by 19 % compared to the original solution using this process.
