National Repository of Grey Literature: 63 records found (records 42 - 51)
Security analysis of network traffic using behavioral signatures
Barabas, Maroš ; Hujňák, Petr (referee) ; Zelinka, Ivan (referee) ; Hanáček, Petr (advisor)
This thesis focuses on description of the current state of research in the detection of network attacks and subsequently on the improvement of detection capabilities of specific attacks by establishing a formal definition of network metrics. These metrics approximate the progress of network connection and create a signature, based on behavioral characteristics of the analyzed connection. The aim of this work is not the prevention of ongoing attacks, or the response to these attacks. The emphasis is on the analysis of connections to maximize information obtained and definition of the basis of detection system that can minimize the size of data collected from the network, leaving the most important information for subsequent analysis. The main goal of this work is to create the concept of the detection system by using defined metrics for reduction of the network traffic to signatures with an emphasis on the behavioral aspects of the communication. Another goal is to increase the autonomy of the detection system by developing an expert knowledge of honeypot system, with the condition of independence to the technological aspects of analyzed data (e.g. encryption, protocols used, technology and environment). Defining the concept of honeypot system's expert knowledge in the role of the teacher of classification algorithms creates autonomy of the system for the detection of unknown attacks. This concept also provides the possibility of independent learning (with no human intervention) based on the knowledge collected from attacks on these systems. The thesis describes the process of creating laboratory environment and experiments with the defined network connection signature using collected data and downloaded test database. The results are compared with the state of the art of the network detection systems and the benefits of the proposed approximation methods are highlighted.
Dynamic malware analysis for the purpose of obtaining indicators of compromise and their subsequent use
KUNC, Martin
This master thesis focuses on collecting network indicators of compromise gathered by using dynamic malware analysis in real environment. It speculates on possibilities on how to approach such collection and the most suitable solution is selected. Gathered indicators of compromise are thoroughly analyzed and utilized for improving cyber-security of the Czech Republic.
Honeypot: a tool for fighting malware
Karger, David ; Lieskovan, Tomáš (referee) ; Hajný, Jan (advisor)
This bachelor thesis is focused on deploying a honeypot to fight malware. The aim was to study the issue of honeypots and their use in detection and analysis of malware. The first part is dedicated to malware, its history and individual types. The so-called botnet is described in the next part. The last part is devoted to the honeypot itself and its distribution. The practical realization is done through honeypots Cowrie and Mailoney.
Implementation of Honeypot tool for monitoring and analysis of network attacks
Němeček, Ladislav ; Červenka, Vladimír (referee) ; Bartl, Milan (advisor)
The goal of this thesis is to describe and categorize the malicious software. Thesis deals with the network attacks and the protection against them as well as how to detect and analyze the attack by the eligible tools. The next part of the thesis deals with the honeypot topic and the possibilities of detection using this software, specifically then the Argos tool. The installation, usage, and the methods of detection of the tool are also being described. The next chapter describes how to secure the honeypot against abuse. Last but not least, the thesis also contains the results of the network monitoring, attacks on the honeypot, and describes the log files used by Argos to interpret the results of the attack detection.
Security technology: Honeypot
Buriánek, Adam ; Halbich, Čestmír (advisor) ; Radomír, Radomír (referee)
The result of the thesis is to characterize the safety technology honeypots, presentation of their capability to monitor security attacks, finding motivation of the attackers and their techniques. The theoretical part of solving the problems of the thesis is based on the study and analysis of mostly foreign expert information resources. The practical part is based on the specification and implementation of the most famous Honeypot on the Internet and the subsequent analysis of logs. The benefit of the thesis are the results that have been offered and the network security specialists for analysis and automatic recording of threats to records third-party servers.
Monitoring of network attacks with honeypot systems
Krula, Jiří ; Vasilenko, Alexandr (advisor) ; Rostislav , Rostislav (referee)
This thesis focuses on the topic of honeypots technology and their use for network attacks monitoring. It theoretically analyzes the honeypots and their variants honeynet and honeytoken. The practical part describes how to deploy two open source solutions of honeypot, Kippo and Dionaea. Kippo honeypot can be classified, despite its limitations, as a high interactive honeypot. This solution emulates the SSH service and it is primarily intended for the detection and capture of brute force attacks on the service. Dionaea is a honeypot designed primarily for capturing malware. It aims to capture malware in the trap using the vulnerabilities of offered and exposed network services with the aim to obtain a copy of the malware for subsequent analysis. Data obtained from the real deployment of the proposed solutions are presented and measures in relation to the SIEM instruments are proposed as well as improved security of the protected network.
Analyzis of Parallel Honeypot Tools
Antal, Lukáš ; Chmelař, Petr (referee) ; Drozd, Michal (advisor)
This bachelor thesis analyzes the selected shadow honeypot tool. The thesis explains the need for having a tool for early detection of a new type of cyber-attack. Shadow honeypot tool analyzed in the thesis is called Argos. Argos is one of the results of the international project called European Network of Affined honeypots (NoAH). The thesis includes thorough analysis and testing of Argos tool. The paper also includes implementation of Argos log files parsing utility.
Ssh Attacks Detection on Netflow Layer
Marek, Marcel ; Barabas, Maroš (referee) ; Michlovský, Zbyněk (advisor)
This bachelor's thesis briefly describes the basic principles of SSH protocol, its architecture and used encryption. The thesis is mainly focused on datamining information from low-level network communication and usage of its results for attacks detection. It also describes dictionary attacks used on SSH service and with NetFlow shows further possibilities of increasing network security.
Detection of Honeypot Systems in Network
Teknős, Martin ; Drozd, Michal (referee) ; Barabas, Maroš (advisor)
This thesis is focusing on detection of honeypot systems in network. It presents different techniques for detection of honeypot systems and then focuses on three of them: TCP/IP fingerprinting, clock skew estimation and service exercising. A console application was created to test these selected techniques. The thesis describes a design of the application, its implementation and also presents results of experiments with the application and selected techniques.
