National Repository of Grey Literature: 85 records found (records 21 - 30)
Network Protection Using NetFlow Data
Sedlář, Petr ; Žádník, Martin (referee) ; Tobola, Jiří (advisor)
This document provides information about Cisco NetFlow technology and its use in protecting networks from different types of attacks. Part of the document is a summary of common security risks in terms of their detection at the network and transport layers. Characteristics of NetFlow data containing samples of security risks are specified. On the basis of these characteristics, an application for detecting these risks is designed and implemented.
IP Flow Filtration and Profiling
Sedlák, Michal ; Tisovčík, Peter (referee) ; Kučera, Jan (advisor)
This thesis addresses the problem of filtering and profiling IP flows, primarily data of IPFIX systems. Within the work, a general filtering component is designed and implemented, which aims to be sufficiently efficient and flexible for use in other projects related to IP flows. This component is then adapted to work with data in the IPFIX protocol format and integrated into the existing modular collector IPFIXcol2 in the form of plugins adding support for filtering of passing IPFIX data and their sorting into profiles.
Effective Network Anomaly Detection Using DNS Data
Fomiczew, Jiří ; Žádník, Martin (referee) ; Kováčik, Michal (advisor)
This thesis describes the design and implementation of a system for effective detection of network anomalies using DNS data. Effective detection is accomplished by the combination and cooperation of detectors and detection techniques. Flow data in NetFlow and IPFIX formats are used as input for detection. Packets in pcap format can also be used. The main focus is on detection of DNS tunneling. The thesis also describes the Domain Name System (DNS) and anomalies associated with DNS.
DHCP Monitoring Using IPFIX
Vaňátko, Matěj ; Polčák, Libor (referee) ; Matoušek, Petr (advisor)
This thesis describes procedures for monitoring the traffic of the network protocols BOOTP, DHCP for IPv4 and DHCP for IPv6 using FlowMoon NetFlow probes made by Invea-tech. It outlines the issues of these protocols, the functionality of the FlowMoon probe, a general description of NetFlow and the description of the solution for collecting and evaluating the data. A deep analysis was made, and modules for the FlowMoon probe were then written that make it possible to monitor these protocols. Their implementation, the method of testing and the evaluation of the gathered data are described in this paper.
Extraction of Available Information from SSH Protocol Headers
Ďurčanský, Norbert ; Bartoš, Václav (referee) ; Kořenek, Jan (advisor)
This paper analyzes the extraction of available information from the SSH protocol. To achieve this aim, knowledge about the SSH protocol was used to implement a plugin for the FlowMon exporter. The plugin was tested on a real network and validated in terms of stability, efficiency and accuracy. The resulting plugin allows us to extract information from the SSH protocol and analyze it further without decrypting the traffic.
Mobile Application Monitoring Using TLS Fingerprints
Kočí, Jan ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
The main purpose of this thesis is to study the possibility of using TLS fingerprints for mobile application monitoring and apply these methods to monitor network flows created by the Flowmon probe. To create the fingerprints the JA3 and JA3S methods are used. Apart from the TLS fingerprints, the implemented classifier uses SNI values to classify input flows. First, a dataset containing fingerprints of selected applications is created. This dataset is used together with the implemented classifier to classify input flows. Following is a description of the proposed classification methods and the implemented classifier. The classifier is evaluated using the Accuracy, Precision and Recall evaluation metrics. Finally, the classifier is used in several experiments that demonstrate its possible applications.
Correlating IPFIX Records of Proxy Server Traffic
Krůl, Michal ; Jeřábek, Kamil (referee) ; Ryšavý, Ondřej (advisor)
This thesis addresses the problem of correlating network flow records. It seeks a solution that would allow correlating flows on both sides of the proxy server to be pinpointed automatically. For this purpose, a dataset containing captured network traffic is created, which then serves as a basis for analysis. Based on the results of the analysis, a solution is presented, which is subsequently tested and discussed.
IP Address Activity Monitoring
Pilátová, Kateřina ; Krobot, Pavel (referee) ; Bartoš, Václav (advisor)
Recently, the volume of data transmitted over networks has been steadily increasing. To speed up searching the data, a suitable way of indexing it is needed. This bachelor's thesis deals with this problem, specifically with storing and searching data in order to determine the activity of communicating IP addresses. The aim of this work is to design and implement a system for efficient long-term storage and visualization of IP address activity. Activity means whether a given address generated traffic in a given interval or not, so it can be represented by a single bit, which reduces the volume of data to be searched. The resulting system consists of a backend that monitors traffic and stores activity records in storage and their parameters in a configuration file. It also contains a web server that reads the data based on user requests and visualizes it in the form of images. The user can specify the area of data they want to examine in more detail using an interactive web interface.
Optimization of Distributed Network Flow Collector
Wrona, Jan ; Grégr, Matěj (referee) ; Žádník, Martin (advisor)
This thesis focuses on the optimization of a distributed IP flow information collector. Nowadays, the centralized collector is a frequently used solution, but it is already reaching its performance limits in large-scale and high-speed networks. The implementation of the distributed collector is in its early phase, and it is necessary to look for solutions that will use it to its full potential. Therefore, this thesis proposes a shared-nothing architecture without a single point of failure. Using the proposed architecture, the distributed collector is tolerant to the failure of at least one node. Distributed flow data analysis software, whose performance scales linearly with the number of nodes, is also part of this thesis.
Netflow Data Application Interface
Šoltés, Miroslav ; Matoušek, Petr (referee) ; Podermański, Tomáš (advisor)
This diploma thesis deals with the design and implementation of a NetFlow data manipulation tool. It contains an analysis of IP flow network monitoring, a description of the nfdump tool and the format of NetFlow v9 records saved by nfdump. The focus of this application interface lies in effective manipulation of NetFlow records.
