|
|
On possible approaches to detecting robotic activity of botnets
Prajer, Richard ; Palovský, Radomír (advisor) ; Pavlíček, Luboš (referee)
This thesis explores possible approaches to detecting robotic activity of botnets on network. Initially, the detection based on full packet analysis in consideration of DNS, HTTP and IRC communication, is described. However, this detection is found inapplicable for technical and ethical reasons. Then it focuses on the analysis based on network flow metadata, compiling them to be processable in machine learning. It creates detection models using different machine learning methods, to compare them with each other. Bayes net method is found to be acceptable for detecting robotic activity of botnets. The Bayesian model is only able to identify the botnet that already executes the commands sent by its C&C server. "Sleeping" botnets are not reliably detectable by this model.
|
|
|
Fast Generator of Network Flows
Budiský, Jakub ; Dvořák, Milan (referee) ; Matoušek, Jiří (advisor)
Tato diplomová práce se věnuje analýze existujících řešení pro generování síťového provozu určeného k testování síťových komponent. Zaměřuje se na generátory na úrovni IP síťových toků a pokrývá návrh a implementaci generátoru, zvaného FLOR, schopného vytvářet syntetický síťový provoz rychlostí až několik desítek gigabitů za sekundu. K plánování toků využívá náhodného procesu. Vytvořená aplikace je otestována a porovnána s existujícími nástroji. V závěru jsou navrženy další vylepšení a optimalizace.
|
|
|
Memory Reduction of Stateful Network Traffic Processing
Hlaváček, Martin ; Puš, Viktor (referee) ; Kořenek, Jan (advisor)
This master thesis deals with the problems of memory reduction in the stateful network traffic processing. Its goal is to explore new possibilities of memory reduction during network processing. As an introduction this thesis provides motivation and reasons for need to search new method for the memory reduction. In the following part there are theoretical analyses of NetFlow technology and two basic methods which can in principle reduce memory demands of stateful processing. Later on, there is described the design and implementation of solution which contains the application of these two methods to NetFlow architecture. The final part of this work summarizes the main properties of this solution during interaction with real data.
|
|
|
BigData Approach to Management of Large Netflow Datasets
Melkes, Miloslav ; Ráb, Jaroslav (referee) ; Ryšavý, Ondřej (advisor)
This master‘s thesis focuses on distributed processing of big data from network communication. It begins with exploring network communication based on TCP/IP model with focus on data units on each layer, which is necessary to process during analyzation. In terms of the actual processing of big data is described programming model MapReduce, architecture of Apache Hadoop technology and it‘s usage for processing network flows on computer cluster. Second part of this thesis deals with design and following implementation of the application for processing network flows from network communication. In this part are discussed main and problematic parts from the actual implementation. After that this thesis ends with a comparison with available applications for network analysis and evaluation set of tests which confirmed linear growth of acceleration.
|
guest ::
