National Repository of Grey Literature: 13 records found (records 11 - 13)
Development of correlation rules for detecting cyber attacks
Dzadíková, Slavomíra ; Safonov, Yehor (referee) ; Martinásek, Zdeněk (advisor)
The diploma thesis deals with the problem of efficient processing of log records and their subsequent analysis using correlation rules. The goal of the thesis was to implement log processing in a structured form, extract individual log fields using a natural language processing model by solving a question answering problem, and develop correlation rules for detecting malicious behavior. Two datasets were produced during the task solution, one with records from Windows devices, and the other containing records from the Fortigate firewall. Pre-trained models based on the BERT and XLNet architectures were created and trained to solve the log parsing problem using the produced datasets, and the results were analyzed and compared. The second part of the thesis was devoted to the development of correlation rules, where the concept of the generic Sigma notation was investigated. Six correlation rules were developed, successfully tested and deployed into the author's own experimental environment in an Elastic Stack system. Each rule is also described by tactics, techniques and sub-techniques of the MITRE ATT&CK framework.
Detection of Cyber Attacks in Local Networks
Sasák, Libor ; Gerlich, Tomáš (referee) ; Malina, Lukáš (advisor)
This bachelor thesis focuses on the detection of attacks in the local network and the use of open source tools for this purpose. The first chapter deals with cyber attacks and also describes some of them. The second chapter focuses primarily on intrusion detection systems in general and also mentions and describes some open source systems. The third chapter briefly deals with the general division of attack detection methods. The fourth chapter introduces and describes the selected tool Suricata, which is also tested in the fifth chapter in the detection of various attacks, during which the behaviour and output of this tool are tracked. In the sixth chapter, the ARPwatch tool is presented and tested for ARP spoofing attack detection. The seventh and eighth chapters deal with the design and successful implementation of an attack detection system that provides output in the form of logs indicating malicious or suspicious traffic on the network. The ninth chapter deals with the design and implementation of the application with a graphical user interface, which clearly presents the mentioned logs and also allows other operations, including the essential control of the detection tools.
Automated Processing of Log Files in BeeeOn System
Beňo, Marek ; Krobot, Pavel (referee) ; Vampola, Pavel (advisor)
The paper deals with the processing of log files from server applications. The system architecture is based on a study of available technologies. Firstly, the design of a unified log format and the implementation of a unified logger library are described. Secondly, the installation and configuration of the technologies used and their integration are described. The result is a log processing system designed to be scalable in the future. The system was tested and integrated into the BeeeOn project.