National Repository of Grey Literature: 111 records found (records 21 - 30)
Application Monitoring of IoT Devices
Krajč, Patrik ; Ryšavý, Ondřej (referee) ; Matoušek, Petr (advisor)
IoT devices use various standards at the level of the transmission medium and communication protocol. The aim of the work is to create a system with which we can unify a heterogeneous Internet of Things network for monitoring purposes. The Home Assistant platform, which uses an SNMP agent we created, was used for data collection from the IoT network. The monitoring system includes the Nagios Core system, which is extended with machine learning-based anomaly detection.
System Log Analysis for Anomaly Detection Using Machine Learning
Šiklóši, Miroslav ; Fujdiak, Radek (referee) ; Hošek, Jiří (advisor)
This master's thesis deals with the use of machine learning for anomaly detection based on the analysis of system logs. The proposed models are based on supervised and unsupervised machine learning algorithms and on deep learning. The functionality and behaviour of these algorithms are explained both theoretically and practically. In addition, methods and procedures were used to preprocess the data before they were fed into the machine learning models. Finally, the proposed models are compared using several metrics and tested on syslogs that the models had not seen before. The most accurate performance was delivered by the Decision Tree Classifier, One-Class Support Vector Machine and Hierarchical Clustering models, which correctly labelled 93.95%, 85.66% and 85.3% of anomalies, respectively.
Network Anomaly Detection Based on PCA
Krobot, Pavel ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
This thesis deals with the subject of network anomaly detection. The method described in this thesis is based on principal component analysis. Within the scope of this thesis, the original design of this method was studied. Two further extensions of this basic method were studied too. The basic version and the last extension were implemented with one small additional extension, which was designed in this thesis. A series of tests was run on this implementation, which provided two findings. First, it shows that principal component analysis could be used for network anomaly detection. Second, even though the proposed method seems to be functional for network anomaly detection, it is still not perfect and additional research is needed to improve this method.
Network Anomaly Detection
Bartoš, Václav ; Kořenek, Jan (referee) ; Žádník, Martin (advisor)
This work studies systems and methods for anomaly detection in computer networks. First, basic categories of network security systems and a number of methods used for anomaly detection are briefly described. The core of the work is an optimization of the method based on detection of changes in distributions of packet features originally proposed by Lakhina et al. This method is described in detail and two optimizations of it are proposed: the first is focused on speed and memory efficiency, the second improves its detection capabilities. Next, software created to test these optimizations is briefly described and results of experiments on real data with artificially generated and also real anomalies are presented.
Anomaly Detection Based on SNMP Communication
Štěpán, Daniel ; Drga, Jozef (referee) ; Očenášek, Pavel (advisor)
The aim of this thesis was to develop a practically applicable set of methods for classification and detection of anomalies in computer network environments. I have created extensions to the network monitoring system in the form of two modules for an open source network monitoring tool based on machine learning. The created modules can learn the characteristics of normal network traffic. The first module, based on the algorithm Random Forest Classifier, detects and is able to classify several known denial-of-service attacks. The second module, based on the algorithm Local Outlier Factor, detects anomalous levels of network traffic. Attacks that the first module is able to classify are the following: TCP SYN flood, UDP flood and ICMP flood. Moreover, it was trained to detect the SSH Bruteforce attacks and the slow and fragmented Slowloris attack. While working on this thesis, I tested the device using the methods mentioned above. The experiments showed that the classification-based module is able to detect known attacks, except for the Slowloris attack, whose characteristics are not very different from normal traffic. The second module successfully detects higher levels of network traffic, but does not perform the classification.
Crowd Behavior Anomaly Detection in Drone Videodata
Bažout, David ; Herout, Adam (referee) ; Beran, Vítězslav (advisor)
There have been lots of new drone applications in recent years. Drones are also often used in the field of national security forces. The aim of this work is to design and implement a tool intended for crowd behavior analysis in drone videodata. This tool ensures identification of suspicious behavior of persons and facilitates its localization. The main benefits include the design of a suitable video stabilization algorithm to stabilize small jitters, as well as trace back of the lost scene. Furthermore, two anomaly detectors were proposed, differing in the method of feature vector extraction and background modeling. Compared to the state of the art approaches, they achieved comparable results, but at the same time they brought the possibility of online data processing.
Anomaly Detection in IoT Networks
Halaj, Jozef ; Hujňák, Ondřej (referee) ; Kořenek, Jan (advisor)
The goal of the thesis was an analysis of IoT communication protocols, their vulnerabilities and the creation of a suitable anomaly detector. It must be possible to run the detector on routers with the OpenWRT system. To create the final solution, it was necessary to analyze the communication protocols BLE and Z-Wave with a focus on their security and vulnerabilities. Furthermore, it was necessary to analyze the possibilities of anomaly detection, design and implement the detection system. The result is a modular detection system based on the NEMEA framework. The detection system is able to detect re-pairing of BLE devices representing a potential pairing attack. The system allows interception of Z-Wave communication using SDR, detection of Z-Wave network scanning and several attacks on network routing. The system extends the existing detector over IoT statistical data with more detailed statistics with a broader view of the network. The original solution had only Z-Wave statistics with a limited view of the network obtained from the Z-Wave controller. The modular solution of the system provides deployment flexibility and easy system scalability. The functionality of the solution was verified by experiments and a set of automated tests. The system was also successfully tested on a router with OpenWRT and in a real-world environment. The results of the thesis were used within the SIoT project.
Appropriate strategy for security incident detection in industrial networks
Kuchař, Karel ; Blažek, Petr (referee) ; Fujdiak, Radek (advisor)
This diploma thesis focuses on the issues of industrial networks and the security offered by industrial protocols. The goal of this thesis is to create specific methods for detection of security incidents. This thesis is mainly focused on the protocols Modbus/TCP and DNP3. In the theoretical part, the industrial protocols are described, attack vectors are defined and the security of each protocol is described. The practical part is focused on the description and simulation of security incidents. Based on the data gathered from the simulations, threats are identified by the introduced detection methods. These methods detect a security incident from an abnormality in the network traffic, using created formulas or machine learning. The designed methods are implemented in the IDS (Intrusion Detection System) Zeek. With the designed methods, it is possible to detect selected security incidents at the destination workstation.
Data Mining Case Study in Python
Stoika, Anastasiia ; Burgetová, Ivana (referee) ; Zendulka, Jaroslav (advisor)
This thesis focuses on basic concepts and techniques of the process known as knowledge discovery from data. The goal is to demonstrate available resources in Python which make it possible to perform the steps of this process. The thesis addresses several methods and techniques focused on detection of unusual observations, based on clustering and classification. It discusses a data mining task for data with a limited amount of inspection resources. This inspection activity should be used to detect unusual transactions of sales of some company that may indicate fraud attempts by some of its salespeople.
Wi-Fi Communication Anomaly Detection
Lička, Zbyněk ; Homoliak, Ivan (referee) ; Očenášek, Pavel (advisor)
This thesis deals with anomaly detection in communication using the IEEE 802.11 technology (Wi-Fi) at the data link layer of OSI. The neural network method, specifically an LSTM recurrent neural network, has been chosen for anomaly detection purposes. Initially, the focus area and motivation for anomaly detection in a computer network environment are described. Then, various methods for anomaly detection in computer networking are described. The thesis continues with analysis of the requirements for the system and a draft of the final system, including the chosen method, continuing with implementation of the system and model. Testing and evaluation of results take place before the thesis's conclusion.
