|
|
User Behavior Anomaly Detection
Petrovič, Lukáš ; Veselý, Vladimír (referee) ; Pluskal, Jan (advisor)
The aim of this work is to create an application that allows modeling of user behavior and subsequent search for anomalies in this behavior. An application entry is a list of actions the user has executed on his workstation. From this information and from information about the events that occurred on this device the behavioral model for a specific time is created. Subsequently, this model is compared to models in different time periods or with other users' models. From this comparison, we can get additional information about user behavior and also detect anomalous behavior. The information about the anomalies is useful to build security software that prevents valuable data from being stolen (from the corporate enviroment).
|
|
|
Automated Processing of Network Service Logs in Linux
Hodermarsky, Jan ; Jeřábek, Jan (referee) ; Ilgner, Petr (advisor)
This thesis is focused on design and implementation of software for a prophylactic real-time logfile analysis and a consequent threat detection apparent therein. The software is to concentre particularly on network services, respectively, on the log files thereof, on Linux platform. The log files are observed for potential security breach attempts in regard to respective service as defined in the configuration file. The present thesis purports to reach the largest extent of versatility possible for a straightforward configuration of a new service which is to be monitored and protected by the software. An important asset of the work is a web-based interface accessible through HTTP protocol which allows the software to be administered remotely with ease.
|
|
|
Statistical Analysis of Anomalies in Sensor Data
Gregorová, Kateřina ; Čmiel, Vratislav (referee) ; Sekora, Jiří (advisor)
This thesis deals with the failure mode detection of aircraft engines. The main approach to the detection is searching for anomalies in the sensor data. In order to get a comprehensive idea of the system and the particular sensors, the description of the whole system, namely the aircraft engine HTF7000 as well as the description of the sensors, are dealt with at the beginning of the thesis. A proposal of the anomaly detection algorithm based on three different detection methods is discussed in the second chapter. The above-mentioned methods are SVM (Support Vector Machine), K-means a ARIMA (Autoregressive Integrated Moving Average). The implementation of the algorithm including graphical user interface proposal are elaborated on in the next part of the thesis. Finally, statistical analysis of the results,the comparison of efficiency particular models and the discussion of outputs of the proposed algorithm can be found at the end of the thesis.
|
|
|
Data Mining Case Study in Python
Stoika, Anastasiia ; Burgetová, Ivana (referee) ; Zendulka, Jaroslav (advisor)
This thesis focuses on basic concepts and techniques of the process known as knowledge discovery from data. The goal is to demonstrate available resources in Python, which enable to perform the steps of this process. The thesis addresses several methods and techniques focused on detection of unusual observations, based on clustering and classification. It discusses data mining task for data with the limited amount of inspection resources. This inspection activity should be used to detect unusual transactions of sales of some company that may indicate fraud attempts by some of its salespeople.
|
|
|
Deep Neural Networks for Defect Detection
Juřica, Tomáš ; Herout, Adam (referee) ; Hradiš, Michal (advisor)
The goal of this work is to bring automatic defect detection to the manufacturing process of plastic cards. A card is considered defective when it is contaminated with a dust particle or a hair. The main challenges I am facing to accomplish this task are a very few training data samples (214 images), small area of target defects in context of an entire card (average defect area is 0.0068 \% of the card) and also very complex background the detection task is performed on. In order to accomplish the task, I decided to use Mask R-CNN detection algorithm combined with augmentation techniques such as synthetic dataset generation. I trained the model on the synthetic dataset consisting of 20 000 images. This way I was able to create a model performing 0.83 AP at 0.1 IoU on the original data test set.
|
|
|
Anomaly Detection Using Generative Adversarial Networks
Měkota, Ondřej ; Fink, Jiří (advisor) ; Pilát, Martin (referee)
Generative adversarial networks (GANs) are able to capture distribution of its inputs. They are thus used to learn the distribution of normal data and then to detect anoma- lies, even if they are very rare; e.g. Schlegl et al. (2017) proposed an anomaly detection method called AnoGAN. However, a major disadvantage of GANs is instability during training. Therefore, Arjovsky et al. (2017) proposed a new version, called Wasserstein GAN (WGAN). The goal of this work is to propose a model, utilizing WGANs, to detect fraudulent credit card transactions. We develop a new method called AnoWGAN+e, partially based on AnoGAN, and compare it with One Class Support Vector Machines (OC-SVM) (Schöl- kopf et al. (2001)), k-Means ensemble (Porwal et al. (2018)) and other methods. Perfor- mance of studied methods is measured by area under precision-recall curve (AUPRC), and precision at different recall levels on credit card fraud dataset (Pozzolo (2015)). AnoW- GAN+e achieved the highest AUPRC and it is 12% better than the next best method OC-SVM. Furthermore, our model has 20% precision at 80% recall, compared to 8% precision of OC-SVM, and 89% precision at 10% recall as opposed to 79% of k-Means ensemble. 1
|
|
|
Methods for Network Traffic Classification
Jacko, Michal ; Ovšonka, Daniel (referee) ; Barabas, Maroš (advisor)
This paper deals with a problem of detection of network traffic anomaly and classification of network flows. Based on existing methods, paper describes proposal and implementaion of a tool, which can automatically classify network flows. The tool uses CUDA platform for network data processing and computation of network flow metrics using graphics processing unit. Processed flows are subsequently classified by proposed methods for network anomaly detection.
|
|
|
Behavioral Analysis of Network Traffic and (D)DoS Attack Detection
Chapčák, David ; Hajný, Jan (referee) ; Malina, Lukáš (advisor)
The semestral thesis deals with the analysis of the modern open-source NIDPS tools for monitoring and analyzing the network traffic. The work rates these instruments in terms of their network location and functions. Also refers about more detailed analysis of detecting and alerting mechanisms. Further analyzes the possibilities of detection of anomalies, especially in terms of statistical analysis and shows the basics of other approaches, such as approaches based on data mining and machine learning. The last section presents specific open-source tools, deals with comparison of their activities and the proposal allowing monitoring and traffic analysis, classification, detection of anomalies and (D)DoS attacks.
|
|
| |
|
|
Portscan Detection in High-Speed Networks
Kapičák, Daniel ; Kekely, Lukáš (referee) ; Bartoš, Václav (advisor)
In this thesis, I present the method to efficiently detect TCP port scans in very high-speed links. The main idea of this method is to discard most of the handshake packets without loss in accuracy. With two Bloom filters that track active destinations and TCP handshakes, the algorithm can easily discard about 80\% of all handshake packets with negligible loss in accuracy. This significantly reduces both the memory requirements and CPU cost. Next, I present my own extension of this algorithm, which significantly reduces the number of false positives caused by the lack of communication from the server to the client. Finally, I evaluated this algorithm using packet traces and live traffic from CESNET . The result showed that this method requires less than 2 MB to accurately monitor very high-speed links, which perfectly fits in the cache memory of today's processors.
|
guest ::
