National Repository of Grey Literature: 26 records found (records 7 - 16)
Spam Detection Using DNS MX Records
Plotěný, Ondřej ; Krobot, Pavel (referee) ; Kováčik, Michal (advisor)
The aim of this thesis is the detection of malicious spammer hosts based on passive analysis of captured DNS traffic. It presents the design and implementation of a system that performs DNS anomaly detection based on a high volume of MX queries per host and a high NXDomain ratio. The system was tested on DNS data obtained from real traffic, and the functionality of the implemented detectors was verified by testing and analysis of the results.
Antispam protection of web pages
Orsák, David ; Míča, Ivan (referee) ; Kacálek, Jan (advisor)
This thesis deals with spam, especially on web pages. The work defines the term spam, outlines the history of spam, and classifies spam according to the way it spreads and by type. It describes the legislation concerning spam and assesses its consequences for this issue. Spam is closely linked to botnets, which are the main sources of spam; the thesis describes how botnets work and which botnets are currently the biggest, meaning those that deliver the most spam per day. The main part of the work defines and describes different ways of protecting websites against spam. The types of protection range from basic protection to harder forms of protection, namely CAPTCHA. The practical part of the thesis offers some CAPTCHA variants that could be reused for antispam protection of web pages.
Cryptovirology and Future of Malware
Prchal, Josef ; Říha, Zdeněk (referee) ; Cvrček, Daniel (advisor)
Malware is connected to information technology. They influence each other. The aim of this thesis is to describe various types of this software and give a brief account of its history and development. It also discusses main trends of this area and tries to foretell the future development.
Detection of Network Attack Using HTTP Analysis
Pastuszek, Jakub ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This experimental thesis describes the HTTP communication protocol and its extensions. By monitoring network flows, information about HTTP communication can be obtained in the form of IPFIX. Detection is performed on already collected data (post mortem). These data are used to detect attacks on a web server. The data contain extended attributes, especially HTTP headers, which make it possible to detect such an attack. The main objective of this work is to propose solutions for detecting network attacks by analyzing HTTP headers, and afterwards to test the final detection application and compare it with an existing solution.
Classification of Domain Names Generated by DGA
Bučko, Filip ; Žádník, Martin (referee) ; Hranický, Radek (advisor)
The DGA (Domain Generation Algorithm) is a technique that allows malware to receive commands from an attacker while avoiding detection. The main objective of this thesis is to build a system for the detection and classification of DGA domains in order to uncover malicious communication. For the purpose of detection, a binary classifier based on machine learning is designed and implemented in this work. Classification plays a crucial role in the automated analysis of malware and thus ensures proactive defense. Additionally, 4 classifiers based on different approaches are introduced for the classification of domains into DGA families. Subsequently, the advantages and disadvantages of presented approaches are identified. The final implementation of multi-class classification consists of a combination of classifiers that provide the best results. Furthermore, this work identifies characteristics specific to DGA domains that are necessary for the creation of classifiers. Testing the resulting implementation of classifiers demonstrates high accuracy in both DGA domain detection and classification.
Modern ways to design fully distributed, decentralized and stealthy worms
Szetei, Norbert ; Krištofič, Milutín (advisor) ; Balyo, Tomáš (referee)
The thesis deals with the study of a computer worm meeting several criteria (it should be fully distributed, decentralized and stealthy). These conditions lead to anonymity, longevity and better security of our worm. After presenting the recently used architectures and new technologies, we analyse the known implementations. We propose solutions with a new design together with possible improvements. In the next chapter we study biological concepts suitable for the new replication mode, where we implement the key concepts of functionality in a higher programming language. In the design we considered platform independence important, so that the worm can spread in almost every computer environment, depending on the implementation of the required modules.
Security System for Web Application Attacks Elimination
Vašek, Dominik ; Zobal, Lukáš (referee) ; Jeřábek, Kamil (advisor)
Nowadays, botnet attacks that aim to overwhelm the network layer with malformed packets and other means are usually mitigated by hardware intrusion detection systems. Application layer botnet attacks, on the other hand, are still a problem. In the case of web applications, these attacks contain legitimate traffic that needs to be processed. If enough bots take part in such an attack, it can make the provided services inaccessible and cause other problems, which in turn can lead to financial loss. In this thesis, we propose a detection and mitigation system that can detect botnet attacks in real time using a statistical approach. The system is divided into several modules that cooperate on detection and mitigation. These parts can be further expanded. During the testing phase, the system was able to capture approximately 60% of botnet attacks, which often focused on spam, login attacks and DDoS. The number of false positive addresses is below 5%.
Detection of Malicious Domain Names
Setinský, Jiří ; Perešíni, Martin (referee) ; Tisovčík, Peter (advisor)
The bachelor thesis deals with the detection of artificially generated domain names (DGA). The generated addresses serve as a means of communication between the attacker and the infected computer. Detecting them makes it possible to find and track infected computers on the network. The detection itself is preceded by a study of machine learning techniques, which are then applied in the creation of the detector. To create the final classifier in the form of a decision tree, it was necessary to analyze the principle of DGA addresses. Based on their characteristics, the attributes on which the final classifier bases its decisions were extracted. After training the classification model on the training set, the classifier was implemented in the target platform NEMEA as a detection module. After final optimizations and testing, we achieved a classifier accuracy of 99%, which is a very positive result. The NEMEA module is ready for real-world deployment to detect security incidents. In addition to the NEMEA module, another model was created to predict the accuracy of datasets with domain names. The model is trained based on the characteristics of the dataset and the accuracy of the DGA detector whose behavior we want to predict.
Security inspection of network traffic
Kult, Viktor ; Havránek, Martin (advisor) ; Ladislav, Ladislav (referee)
The thesis concerns information security in corporate environments. The literature review draws on articles and literature in the field of information security. Resources were selected with a focus on security risks, security technologies and legislative regulation. Attention is focused on technology that supports monitoring of communication flows in the data network. An overview of the traffic on a data network provides important information for the prevention or investigation of security incidents. Monitoring also serves as a source of information for planning the network infrastructure. It can detect faults or insufficient transmission capacity. The practical part is dedicated to the implementation of a monitoring system in real corporate networks. It includes an analysis of the network structure and the choice of appropriate tools for the actual implementation. When selecting tools, the scoring method of multi-criteria analysis of options can be used. Integrating the monitoring system also involves configuring active network elements. Subsequent analysis of network traffic provides information about the most active users, the most used applications, and the sources and targets of transmitted data. It provides a source of valuable information that can be used in case of a network failure or security incident. The conclusion is a summary of the results and workflow.
