National Repository of Grey Literature: 101 records found (records 90 - 99)
Implementation of Methods for Network Anomaly Detection
Slezáček, Martin ; Puš, Viktor (referee) ; Bartoš, Václav (advisor)
This work deals with the implementation of three methods for anomaly detection in computer networks. At first, basic categories of network detection methods are described. Next, three methods are briefly described. The core of this work is an implementation and testing of these methods. Software for anomaly detection and its control is described.
Comparison of Network Anomaly Detection Methods
Pacholík, Václav ; Grégr, Matěj (referee) ; Bartoš, Václav (advisor)
This thesis focuses on methods for detection of network traffic anomalies. The preamble contains a short overview of all categories along with their corresponding examples. The next part details the three methods chosen for comparison: EWMA, Holt-Winters and the wavelet-based method. Furthermore, the generated input data attacks are described, which were used, along with the already discovered ones, to rate the detection abilities of the compared methods. Finally, optimal parameters are described along with other discovered flaws, including suggestions for improvement.
Network Traffic Analysis Based on Clustering
Černý, Tomáš ; Drahošová, Michaela (referee) ; Bartoš, Václav (advisor)
This thesis focuses on anomaly detection in network traffic using clustering methods. First, basic anomaly detection methods are introduced. The next part describes hierarchical and k-means clustering in detail. Selected normalization techniques are also described. One part is devoted to the procedure for detecting anomalies in the context of data mining, followed by a few words about the implementation of the individual methods. Finally, clustering methods and normalization techniques are tested and compared.
Network Anomaly Detection Based on PCA
Krobot, Pavel ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
This thesis deals with the subject of network anomaly detection. The method described in this thesis is based on principal component analysis. Within the scope of this thesis, the original design of this method was studied. Another two extensions of this basic method were studied too. The basic version and the last extension were implemented with one small additional extension, which was designed in this thesis. A series of tests was performed on this implementation, which provided two findings. First, it shows that principal component analysis could be used for network anomaly detection. Second, even though the proposed method seems to be functional for network anomaly detection, it is still not perfect and additional research is needed to improve this method.
Detection of Network Attacks Based on NetFlow Data
Kulička, Vojtěch ; Tobola, Jiří (referee) ; Žádník, Martin (advisor)
With the rising popularity of the internet, there is also a rising number of people misusing it. This thesis analyzes the problem of network attack detection based on NetFlow data. A program is designed to point out anomalous behaviour by analyzing the flow records using data mining techniques. The TCM-KNN method, which utilizes the fact that attacks statistically deviate, is implemented. Thus even new types of attacks are detected.
Network Anomaly Detection
Bartoš, Václav ; Kořenek, Jan (referee) ; Žádník, Martin (advisor)
This work studies systems and methods for anomaly detection in computer networks. At first, basic categories of network security systems and a number of methods used for anomaly detection are briefly described. The core of the work is an optimization of the method based on detection of changes in distributions of packet features originally proposed by Lakhina et al. This method is described in detail and two optimizations of it are proposed: the first is focused on speed and memory efficiency, the second improves its detection capabilities. Next, software created to test these optimizations is briefly described, and results of experiments on real data with artificially generated and also real anomalies are presented.
Attack Detection by Analysis of the System's Logs
Holub, Ondřej ; Puš, Viktor (referee) ; Kaštil, Jan (advisor)
The thesis deals with the possibilities of detecting attacks and nonstandard behaviour. It focuses on problems with IDS detection systems, the subsequent classification, and methods which are used for attack detection. One part of the thesis presents the existing IDS systems and their properties which are necessary for successful attack detection. Other parts describe methods to obtain information from the Microsoft Windows operating systems and also analyse the theoretical methods of data abnormalities. The practical part focuses on the design and implementation of the HIDS application. The final application and its detection abilities are tested at the end of the practical part with the help of some model situations. In the conclusion, the thesis sums up the gained information and shows a possible way of future development.
Detection of SYN Flood Attacks
Ruprich, Michal ; Kekely, Lukáš (referee) ; Bartoš, Václav (advisor)
The thesis deals with the topic of anomaly detection in network traffic. The goal is to implement three algorithms which will be able to reveal SYN flooding types of network attacks. The methods used monitor network traffic in real time and create a certain model of normal traffic behaviour. This model is then used to detect behaviour which does not fit the model and is therefore considered an anomaly. The algorithms were implemented in the C and C++ programming languages.
Detection of Network Anomalies Based on NetFlow Data
Czudek, Marek ; Bartoš, Václav (referee) ; Kořenek, Jan (advisor)
This thesis describes the use of NetFlow data in systems for detection of disruptions or anomalies in computer network traffic. Various methods for network data collection are described, focusing especially on the NetFlow protocol. Further, various methods for anomaly detection in network traffic are discussed and evaluated, and their advantages as well as disadvantages are listed. Based on this analysis, one method is chosen. Further, a test data set is analyzed using the method. An algorithm for real-time network traffic anomaly detection is designed based on the analysis outcomes. This method was chosen mainly because it enables detection of anomalies even in unlabelled network traffic. The last part of the thesis describes the implementation of the algorithm, as well as experiments performed using the resulting application on real NetFlow data.
Mobile Based Data Acquisition and Anomaly Detection
Ondrášek, Michael ; Holek, Radovan (referee) ; Honzík, Petr (advisor)
The work deals with the implementation of a specific architecture to detect anomalies in the classroom or in commercial use. The system consists of three parts: a measurement module, mobile applications and a server part. Transmission between the measuring module of the server and the evaluation is carried out simultaneously with the visuals on the mobile device. All system components are implemented with minimum cost and maximum expandability. All the necessary computing power is concentrated in the server part because of usability with multiple simultaneously operating mobile clients. Emphasis is placed on the solution architecture and the possibility of using the system as a whole, or selected portions separately. Finally, experiments are designed for the presentation of selected methods for anomaly detection.
