National Repository of Grey Literature: 24 records found, showing 1 - 10
Distributed Processing of IP flow Data
Krobot, Pavel ; Kořenek, Jan (referee) ; Žádník, Martin (advisor)
This thesis deals with distributed processing of IP flow data. The main goal is to provide an implementation of a software collector that can store and process very large amounts of network data. Hadoop, an open-source framework for distributed processing of large data sets based on the MapReduce paradigm, was studied. Experiments with this system provided a comparison with current systems and revealed weaknesses of the framework. Based on this knowledge, a specification and scheme for an extension of the current software collector were created within this work. Following this scheme, a query framework was implemented for the resulting collector, as this part is considered the most critical in distributed processing of IP flow data. Results of experiments with the implementation show significant performance growth and linear scalability for some types of queries.
IP Flow Filter
Štoffa, Imrich ; Krobot, Pavel (referee) ; Wrona, Jan (advisor)
This thesis focuses on unifying the filtering languages used by an IP flow collecting program and a library for flow analysis. At the moment these implementations use different filtering modules and file formats. As a result, inconsistencies in results arise. In response, a single filtering module was proposed as part of an effort to better integrate collection and analysis of IP flows using these programs. The module aims to provide one implementation of, and support for, a popular filtering language for use in these programs. The thesis contains a theoretical introduction to flow monitoring in networks and describes algorithms useful for evaluating conditions on flow records and packets. The core of the author's work is the design and implementation of the filtering module and its wrappers for the collector and the analysis library. Results of performance tests and an evaluation of features can be found in the thesis's conclusion.
Similarity Searching in Network Data
Hud, Jakub ; Krobot, Pavel (referee) ; Wrona, Jan (advisor)
This bachelor's thesis is concerned with analyzing IP flow records. An IP flow record contains metadata about a specific network communication, such as IP addresses, port numbers, network protocol numbers and others. The main goal is to design and implement metrics for determining the similarity of NetFlow records. The thesis begins with a description of how to analyze large amounts of data. Next, network monitoring techniques and NetFlow are presented. Other parts of the thesis are dedicated to the design and implementation of data analysis using the DBSCAN algorithm. An implementation of a data analysis application is also part of this thesis. As a result, the application can be used for network scan detection using NetFlow data, although the results are not very clear and contain a lot of legitimate communication.
Detection of Cryptocurrency Miners Based on IP Flow Analysis
Šabík, Erik ; Krobot, Pavel (referee) ; Žádník, Martin (advisor)
This master's thesis gives general information about cryptocurrencies, the principles used in the process of creating new coins, and why mining cryptocurrencies can be malicious. Further, it discusses what an IP flow is and how to monitor networks by monitoring network traffic using IP flows. It describes the Nemea framework, which is used to build a comprehensive system for detecting malicious traffic. It explains how network data containing communications of the cryptocurrency mining process were obtained and then provides an analysis of this data. Based on this analysis, methods capable of detecting cryptocurrency mining using IP flow records are proposed. Finally, the proposed detection method was evaluated on various networks and the results are described.
Automated Processing of Log Files in BeeeOn System
Beňo, Marek ; Krobot, Pavel (referee) ; Vampola, Pavel (advisor)
The paper is concerned with processing of log files from server applications. The system architecture is based on a study of available technologies. Firstly, the design of a unified log format and the implementation of a unified logger library are described. Secondly, the installation and configuration of the technologies used and their integration are described. The result is a log processing system designed to be scalable in the future. The system was tested and integrated into the BeeeOn project.
Network Anomaly Detection Based on PCA
Krobot, Pavel ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
This thesis deals with network anomaly detection. The method described in this thesis is based on principal component analysis. Within the scope of this thesis, the original design of this method was studied, together with two extensions of the basic method. The basic version and the last extension were implemented, along with one small additional extension designed in this thesis. A series of tests was run on this implementation, which provided two findings. First, principal component analysis can be used for network anomaly detection. Second, even though the proposed method seems to be functional for network anomaly detection, it is still not perfect and additional research is needed to improve it.
IP Address Activity Monitoring
Pilátová, Kateřina ; Krobot, Pavel (referee) ; Bartoš, Václav (advisor)
Recently, the volume of data transferred over networks has been constantly increasing. To speed up searching through the data, a suitable way of indexing it is needed. This bachelor's thesis addresses this problem, specifically the storage and retrieval of data for the purpose of determining the activity of communicating IP addresses. The goal of this thesis is to design and implement a system for efficient long-term storage and visualization of IP address activity. Activity means whether or not a given address generated traffic in a given interval, so it can be represented by a single bit, which reduces the volume of data to be searched. The resulting system consists of a backend that monitors traffic and stores activity records in storage and their parameters in a configuration file. It also includes a web server that reads the data based on user requests and visualizes it in the form of images. The user can specify the region of data to examine in more detail using an interactive web interface.
Spam Detection Using DNS MX Records
Plotěný, Ondřej ; Krobot, Pavel (referee) ; Kováčik, Michal (advisor)
The aim of this thesis is the detection of malicious spammer hosts based on passive analysis of captured DNS traffic. It presents the design and implementation of a system which performs DNS anomaly detection based on a high volume of MX queries per host and a high NXDomain ratio. The system was tested on DNS data obtained from real traffic, and the functionality of the implemented detectors was verified by testing and analysis of the results.
Deriving DDoS Mitigation Rules
Hurta, Marek ; Krobot, Pavel (referee) ; Žádník, Martin (advisor)
This thesis is aimed at monitoring computer networks using NetFlow data. It describes the main aspects of detecting network anomalies using IDS systems. The next part describes the Nemea framework, which is used for creating modules. These modules are able to detect network incidents and attacks. The following chapters contain a brief overview of common network attacks with specific remarks that can help in the process of their detection. Based on this analysis, the concept of mitigation rules was created. These rules can be used for mitigation of DDoS attacks. The method was tested on several data sets and produced multiple mitigation rules. These rules were applied to the data sets and marked most of the suspicious flows.
DNS Tunnelling Detection Based on Application Layer Data Analysis
Koutenský, Michal ; Krobot, Pavel (referee) ; Kováčik, Michal (advisor)
This bachelor's thesis deals with designing and implementing an algorithm for detecting DNS tunnelling using application layer data. The algorithm's design is preceded by an overview and analysis of current tunnelling tools and their shared characteristics. The tunnelling tool iodine is given extra attention and is used to carry out more complex tests and benchmarks. The thesis concludes by testing the implemented algorithm on real data and highlighting its strengths and shortcomings.
