|
| |
|
|
Monitoring Service Properties of an IPFIX Collector
Kala, Jan ; Žádník, Martin (referee) ; Wrona, Jan (advisor)
This bachelor's thesis addresses possible ways of monitoring IPFIX collector, which is used for the collection of metadata about network traffic. The thesis briefly introduces the pro- blematics of monitoring and describes the current state of IPFIX collector, which is being developed by an organization called CESNET. It also describes service properties, which can be monitored during the process of data collection using the IPFIX protocol. A new plugin is described, which is intended for the collection and the export of service properties. The thesis describes an implementation and contains results of testing of the new plugin.
|
|
|
Interactive Web Interface for IP Flow Data
Salač, Radek ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This thesis describes development of application for analyzing IP flow data. The author conducts relative comparison of already existing protocols and tools and studies theirs pro's and con's. Based on this comparison and features requested by users, author develops his own application primarly focused on interactive and user-friendly interface for working with IP flow data.
|
|
|
Secure Transport of NetFlow and IPFIX Records
Štěpánek, Adam ; Grégr, Matěj (referee) ; Podermański, Tomáš (advisor)
This bachelor thesis deals with an IP flow based data network monitoring system. It presents the architecture of the NetFlow based monitoring, explains the basic terms, the NetFlow protocol and its alternatives. Further, weak spots of the monitoring systems are determined and a conceptual solution is proposed. This solution is implemented and described in detail. Finally, testing methods and results are discussed and the possibilities of further development and optimization are proposed.
|
|
|
Profiling of Network Traffic for DDoS Mitigation
Ligocká, Alexandra ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
The aim of this work is to propose metrics for \gls{ddos} attacks detection and setting the thresholds of normal network traffic in a given computer network at different levels of detail. Based on the selected metrics and network flow data, a network profile is extracted and afterwards stored in memory. Within the implementation part, this work deals with the implementation of program for the collection and calculation of specified metrics, their processing, storage and provides a simple interface providing access to stored data.
|
|
|
Mitigation of Volumetric DDoS Attacks in SDN Environment
Hodes, Vojtěch ; Křepelka, Václav (referee) ; Škorpil, Vladislav (advisor)
The aim of this Master's thesis is to explore different attitudes and to design various monitoring and detection concepts of volumetric DDoS attacks in core networks. The thesis deals with data flow control protocols with an emphasis on a modern technology of Software Defined Networks. The last part of the thesis describes verification of the theory by setting up a laboratory environment for volumetric DDoS UDP Flood simulation, detection and automated mitigation.
|
|
|
User accounting in next generation networks
Grégr, Matěj ; Pustka,, Martin (referee) ; Satrapa,, Pavel (referee) ; Švéda, Miroslav (advisor)
Velikost sítě Internet dosáhla takového rozměru, že globálně jednoznačná adresace všech připojených zařízení již není možná při zachování současné architektury TCP/IPv4. Tímto problémem se začalo zabývat již v 90. letech a od té doby bylo představeno několik návrhů nových architektur a síťových protokolů, které mají či měly ambice omezení adresace vyřešit. V současné době, v roce 2016, je jediným globálně nasazovaným řešením problému adresace protokol IPv6. Tento protokol zvětšuje velikosti síťové adresy čímž umožňuje adresovat téměř libovolné množství zařízení, ovšem za cenu nekompatibility se současným protokolem IPv4. Rozdílně se také staví ke způsobu automatické konfigurace koncových zařízení, proměnlivé velikosti síťové hlavičky a omezení nekompatibility řeší různými přechodovými mechanismy. Tato práce diskutuje dopady, které tyto změny mají na oblast monitorování a účtování uživatelů. Zejména změny způsobu konfigurace adresy vyžadují jiný přístup než v současných monitorovacích systémech, které ukládají pouze metadata o síťové komunikace pomocí protokolu NetFlow/IPFIX. Práce je zaměřena primárně na vyřešení problému účtování uživatelů v sítích kde jsou souběžně nasazeny protokoly IPv4 i IPv6, použity tunelovací přechodové mechanismy nebo překlad adres. Část práce je za- měřena na měření globálního vývoje a nasazení protokolu IPv6 mezi koncovými poskytovateli internetového připojení, poskytovateli obsahu a páteřními operátory.
|
|
|
Network Protection Using NetFlow Data
Sedlář, Petr ; Žádník, Martin (referee) ; Tobola, Jiří (advisor)
This document provides information about Cisco NetFlow technology and its usage to protect networks from different types of attacks. Part of the document is a summary of common security risks in term of their detection on network and transport layer. There are specified characteristics of NetFlow data containing samples of security risks. On the basis of these characteristics, an application for detection these risks is designed and implemented.
|
|
|
IP Flow Filtration and Profiling
Sedlák, Michal ; Tisovčík, Peter (referee) ; Kučera, Jan (advisor)
This thesis addresses the problem of filtering and profiling IP flows, primarily data of IPFIXsystems. Within the work, a general filtering component is designed and implemented, whichaims to be sufficiently efficient and flexible for use in other projects related to IP flows. Thiscomponent is then adapted to work with data in the IPFIX protocol format and integratedinto the existing modular collector IPFIXcol2 in the form of plugins adding the support forfiltering of passing IPFIX data and their sorting into profiles.
|
|
|
Effective Network Anomaly Detection Using DNS Data
Fomiczew, Jiří ; Žádník, Martin (referee) ; Kováčik, Michal (advisor)
This thesis describes the design and implementation of system for effective detection of network anomaly using DNS data. Effective detection is accomplished by combination and cooperation of detectors and detection techniques. Flow data in NetFlow and IPFIX formats are used as input for detection. Also packets in pcap format can be used. Main focus is put on detection of DNS tunneling. Thesis also describes Domain Name System (DNS) and anomalies associated with DNS.
|
guest ::
