|
|
Detection of Slow HTTP DoS Attacks
Jakubíček, Patrik ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
This thesis deals with the detection of Slowloris attack. Based on the findings a detection module for Nemea system is implemented. It analyzes flow records and performs attack detection. Tests have verified that the module can work in real deployment and detect Slowloris attack quite successfully.
|
|
|
Detection of Malicous Traffic in Local Network
Šabík, Erik ; Kováčik, Michal (referee) ; Žádník, Martin (advisor)
This bachelor's thesis discusses monitoring local networks using IP flows. It describes Nemea framework which is used for building complex systems for detecting malicious traffic. Analysis of data from three different networks was performed by using this framework. Based on this analysis a design for detection of malicious traffic in local network was created. The detection method monitors network traffic for suspicious communication targeting IP or URL addresses that are listed in public blacklists. The detection method is evaluated on various traffic samples and the results show that three analysed samples belong to networks that are well managed and secured since the communication with the blacklisted entities is rare.
|
|
|
Mobile Application for Network Scanning
Teuchner, Marek ; Bartoš, Václav (referee) ; Kováčik, Michal (advisor)
The subject of this bachelor's thesis is to design and implement an application for Android operating system that allows the discovery of all connected devices in a local network and to display information about it and all of its devices. The application would allow the user to assign a custom icon and a note to each device within the network. Logs and statistics are also collected by the application. In addition, it is possible to attack the selected device using various Denial of Service attacks.
|
|
|
Mobile Application for DNS Administration
Galajda, Denis ; Ovšonka, Daniel (referee) ; Kováčik, Michal (advisor)
This bachelor's thesis deals with possibilities and specifics of developing a custom mobile applicaion for DNS administration on Android. The goal is to create an easy-to-use application which will allow the user to manage zones and resource records of BIND9 nameserver. This issue is solved by manipulation of zone files over SSH connection, controlled through the modern user interface. The resulting programm allows the users to comfortably manage a DNS server from their smartphone practically anywhere.
|
|
|
Spam Detection Using DNS MX Records
Plotěný, Ondřej ; Krobot, Pavel (referee) ; Kováčik, Michal (advisor)
The aim of this thesis is the detection of malicious spammer hosts based on passive analysis of captured DNS traffic. It represents the design and implementation of a system which proceeds DNS anomaly detection based on high volume of MX query per host and high NXDomain ratio. The system was tested on DNS data obtained from the real traffic and the functionality of implemented detectors was verified by testing and analysis of results.
|
|
|
Detection and Automatic Analysis of Network Scans
Procházka, Aleš ; Kováčik, Michal (referee) ; Krobot, Pavel (advisor)
This bachelor thesis is focused on a computer network monitoring that utilizes flows. Firstly, there is a framework Nemea described, which can be used to build a complex system for network attack detection, and whose module is developed within the thesis. Secondly, port scanning is explained and different methods that can be used to scan ports are defined. The module is designed to detect horizontal scanning. The idea behind this method is to compare a unique number of destination IP addresses, which were asked for with a specific port, with a given threshold in a specific time window. Finally, in the practical part of the thesis the implementation of the module is described and results of the experiments on real data from Cesnet are presented.
|
|
|
Visualization of Network Security Events
Stehlík, Petr ; Kováčik, Michal (referee) ; Krobot, Pavel (advisor)
This thesis focuses on visualization of network security events via modern web technologies. Multiple technologies for creating modern web application supporting visualising large volume of security events were studied. The application was designed for NEMEA system which thanks to this thesis acquired graphical user interface allowing big data visual analysis. Visualized events allow drill-down analysis. The application operates on security events stored in IDEA format which is used among other network security services and the application is therefore transferrable to them. NEMEA Dashboard has been tested on the target group of network administrators using acceptance tests.
|
|
|
Mobile Application for DNS Vulnerabilities Testing
Béder, Michal ; Ovšonka, Daniel (referee) ; Kováčik, Michal (advisor)
The aim of this thesis is to show the way how to implement an Android application, which allows full control over DNS packets creation. This was achieved by partial implementation of the application in C++ programming language. Furthermore, in this thesis are described topics as Android security model and possibilities of combining native and Java code. Resulting application allows to generate network attacks, which are exploiting some of the known DNS vulnerabilities.
|
|
|
DNS Tunnelling Detection Based on Application Layer Data Analysis
Koutenský, Michal ; Krobot, Pavel (referee) ; Kováčik, Michal (advisor)
This bachelor's thesis deals with designing and implementing a detection algorithm for detecting DNS tunnelling using application layer data. The algorithm's design is preceded by overview and analysis of current tunneling tools and their shared characteristics. The tunnelling tool iodine is given extra attention and is used to carry out more complex tests and benchmarks. The thesis concludes by testing the implemented algorithm on real data and highlighting its strengths and shortcomings.
|
|
|
Aggregation of Security Incident Reports
Kapičák, Daniel ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
In this thesis, I present analysis of security incident reports in IDEA format from Mentat and their aggregation and correlation methods design and implementation. In data analysis, I show huge security reports diversity. Next, I show design of simple framework and system of templates. This framework and system of templates simplify aggregation and correlation methods design and implementation. Finally, I evaluate designed methods using Mentat database dumps. The results showed that designed methods can reduce the number of security reports up to 90% without loss of any significant information.
|
guest ::
