|
|
Anomaly Detection Using Generative Adversarial Networks
Měkota, Ondřej ; Fink, Jiří (advisor) ; Pilát, Martin (referee)
Generative adversarial networks (GANs) are able to capture distribution of its inputs. They are thus used to learn the distribution of normal data and then to detect anoma- lies, even if they are very rare; e.g. Schlegl et al. (2017) proposed an anomaly detection method called AnoGAN. However, a major disadvantage of GANs is instability during training. Therefore, Arjovsky et al. (2017) proposed a new version, called Wasserstein GAN (WGAN). The goal of this work is to propose a model, utilizing WGANs, to detect fraudulent credit card transactions. We develop a new method called AnoWGAN+e, partially based on AnoGAN, and compare it with One Class Support Vector Machines (OC-SVM) (Schöl- kopf et al. (2001)), k-Means ensemble (Porwal et al. (2018)) and other methods. Perfor- mance of studied methods is measured by area under precision-recall curve (AUPRC), and precision at different recall levels on credit card fraud dataset (Pozzolo (2015)). AnoW- GAN+e achieved the highest AUPRC and it is 12% better than the next best method OC-SVM. Furthermore, our model has 20% precision at 80% recall, compared to 8% precision of OC-SVM, and 89% precision at 10% recall as opposed to 79% of k-Means ensemble. 1
|
|
|
Methods for Network Traffic Classification
Jacko, Michal ; Ovšonka, Daniel (referee) ; Barabas, Maroš (advisor)
This paper deals with a problem of detection of network traffic anomaly and classification of network flows. Based on existing methods, paper describes proposal and implementaion of a tool, which can automatically classify network flows. The tool uses CUDA platform for network data processing and computation of network flow metrics using graphics processing unit. Processed flows are subsequently classified by proposed methods for network anomaly detection.
|
|
|
Behavioral Analysis of Network Traffic and (D)DoS Attack Detection
Chapčák, David ; Hajný, Jan (referee) ; Malina, Lukáš (advisor)
The semestral thesis deals with the analysis of the modern open-source NIDPS tools for monitoring and analyzing the network traffic. The work rates these instruments in terms of their network location and functions. Also refers about more detailed analysis of detecting and alerting mechanisms. Further analyzes the possibilities of detection of anomalies, especially in terms of statistical analysis and shows the basics of other approaches, such as approaches based on data mining and machine learning. The last section presents specific open-source tools, deals with comparison of their activities and the proposal allowing monitoring and traffic analysis, classification, detection of anomalies and (D)DoS attacks.
|
|
| |
|
|
Portscan Detection in High-Speed Networks
Kapičák, Daniel ; Kekely, Lukáš (referee) ; Bartoš, Václav (advisor)
In this thesis, I present the method to efficiently detect TCP port scans in very high-speed links. The main idea of this method is to discard most of the handshake packets without loss in accuracy. With two Bloom filters that track active destinations and TCP handshakes, the algorithm can easily discard about 80\% of all handshake packets with negligible loss in accuracy. This significantly reduces both the memory requirements and CPU cost. Next, I present my own extension of this algorithm, which significantly reduces the number of false positives caused by the lack of communication from the server to the client. Finally, I evaluated this algorithm using packet traces and live traffic from CESNET . The result showed that this method requires less than 2 MB to accurately monitor very high-speed links, which perfectly fits in the cache memory of today's processors.
|
|
| |
|
|
Comparison of Network Anomaly Detection Methods
Pacholík, Václav ; Grégr, Matěj (referee) ; Bartoš, Václav (advisor)
This thesis focuses on methods for detection of network traffic anomalies. The preamble contains a short overview of all categories along with their corresponding examples. The next part details the three methods chosen for comparison: EWMA, Holt-Winters and the wavelet-based method. Furthermore are described generated input data attacks that were, along with the already discovered ones, used for rating of the compared methods detection abilities. Finally, optimal parameters are described along with other discovered flaws including suggestions for improvement.
|
|
|
Network Traffic Analysis Based on Clustering
Černý, Tomáš ; Drahošová, Michaela (referee) ; Bartoš, Václav (advisor)
This thesis focuses on anomaly detection in network traffic using clustering methods. First, basic anomaly detection methods are introduced. The next part describes hierarchical and k-means clustering in detail. Also there are described selected normalization techniques. Part is given to the procedure for detecting anomalies in the context of data mining. Furthermore a few words about implementation of single methods. Finally, clustering methods and normalization techniques are tested and compared.
|
|
|
Network Anomaly Detection Based on PCA
Krobot, Pavel ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
This thesis deals with subject of network anomaly detection. The method, which will be described in this thesis, is based on principal component analysis. Within the scope of this thesis original design of this method was studied. Another two extensions of this basic method was studied too. Basic version and last extension was implemented with one little additional extension. This one was designed in this thesis. There were series of tests made above this implementation, which provided two findings. First, it shows that principal component analysis could be used for network anomaly detection. Second, even though the proposed method seems to be functional for network anomaly detection, it is still not perfect and additional research is needed to improve this method.
|
|
|
Detection of Network Attacks Based on NetFlow Data
Kulička, Vojtěch ; Tobola, Jiří (referee) ; Žádník, Martin (advisor)
With rising popularity of the internet there is also rising number of people misusing it. This thesis analyzes the problem of network attack detection based on NetFlow data. A program is designed to point out anomalous behaviour by analyzing the flow records using data mining techniques. The method of TCM-KNN utilizing the fact that attacks statistically deviate is implemented. Thus even new types of attacks are detected
|
guest ::
