|
|
Detekce a mitigace DDoS útoků
Brázda, Mikuláš ; Hranický, Radek (oponent) ; Žádník, Martin (vedoucí práce)
Tato práce se zabývá detekcí DDoS útoků v síťové infrastruktuře CESNET3, využívající analýzy NetFlow záznamů. S ohledem na dynamickou povahu síťového provozu přistupuje k datům jako k nekonečnému proudu. K uchování a efektivnímu zpracování velkého objemu dat využívá metodu sketche, která umožňuje kompaktní reprezentaci dat bez ztráty klíčových informací o síťovém provozu. Jádrem detekčního mechanismu je adaptivní algoritmus CUSUM, který kumuluje odchylky od dlouhodobého klouzavého průměru. Při překročení prahové hodnoty je vyhlášen poplach. Modul byl otestován na datech z reálné sítě s různým nastavením parametrů pro demonstraci jeho vlastností. Implementovaný modul je součástí systému NEMEA.
|
|
|
Generating Synthetic Web Traffic
Koprda, Peter ; Žádník, Martin (oponent) ; Hranický, Radek (vedoucí práce)
Web crawlers, also known as web spiders or bots, play a crucial role in information retrieval, search engine optimization, and website indexing. However, web robots can also be used in the penetration testing of web applications. Automating the vulnerability discovery process, identifying hidden endpoints, and effectively mapping the structure of a web application can improve the effectiveness of penetration testing. This work focuses on creating a tool designed for generating non-human (synthetic) web traffic. This tool will also be designed for automated penetration testing of web applications using web robots, using synthetic web traffic for enhanced testing capabilities. Additionally, this tool will be used for evaluating the effectiveness of security systems such as IDS, IPS, and web application firewalls (WAF).
|
|
|
Detekce malware domén pomocí metod strojového učení
Ebert, Tomáš ; Poliakov, Daniel (oponent) ; Hranický, Radek (vedoucí práce)
Tato bakalářská práce se zabývá detekcí malware domén pomocí metod strojového učení na základě různých informací získaných o doméně (DNS záznamy, geolokační údaje atd.). S rychle rozšiřujícími se hrozbami, nejen formou malwaru, jsou často současné přístupy nedostačující ať už jen rychlostí detekce malware domén, nebo celkovým rozeznáním, zda se jedná o nebezpečnou doménu. Výstupem této práce je natrénovaný model klasifikátoru XGBoost, jehož výhodou je rychlá a efektivní detekce v reálném čase oproti detekci pomocí černých listin, které získávají data domén často s týdenním zpožděním. Pro tento model bylo získáno 131 tisíc malware domén, pomocí kterých bylo možné získat model s vysokými hodnotami. Pomocí experimentů bylo dosaženo skóre F1 96.8786 % u klasifikátoru XGBoost s poměrem falešně pozitivních detekcí 0.004887.
|
|
|
Aproximace doby výpočtu distribuovaných úloh pro lámání hesel
Jadrná, Lucie ; Horák, Adam (oponent) ; Hranický, Radek (vedoucí práce)
Tato práce se zaměřuje na zlepšení přesnosti odhadu doby lámání hesel v distribuovaném systému Fitcrack. Na základě analýzy stávajícího řešení byly identifikovány klíčové faktory ovlivňující přesnost výpočtu a navržena sada algoritmů pro zpřesnění odhadu. Provedené experimenty potvrdily účinnost navržených algoritmů, přičemž nové řešení přineslo významné zlepšení přesnosti odhadu doby lámání v 90.32 % měřených úloh, zahrnujících útok hrubou silou, slovníkový útok, kombinační útok a hybridní útoky.
|
|
|
Optimization of Classification Models for Malicious Domain Detection
Pouč, Petr ; Jeřábek, Kamil (oponent) ; Hranický, Radek (vedoucí práce)
This thesis focuses on the development of advanced methods for malicious domain name detection using optimization techniques in machine learning. The thesis investigates and evaluates the effectiveness of different optimization strategies for classification. As evaluation tools, I selected classification algorithms that differ in their approach, including deep learning, decision tree techniques, or hyperplane search. These methods are investigated in terms of their ability to effectively classify domain names depending on the implemented optimization techniques. Optimization strategies include the creation of ground-truth datasets, application of data processing methods, advanced feature selection, solving the class imbalance problem, and hyperparameter tuning. The final part of the paper presents a detailed analysis of the benefits of each optimization approach. The experimental part of the study demonstrates exceptional results by combining several methodologies. The top CNN models obtained up to 0.9926 F1 while lowering FPR to 0.3%. The contribution of this study is to provide specific methodologies and tactics for the successful identification of malicious domain names in the cybersecurity area.
|
|
|
Evaluation of Little Lies in Browser Fingerprinting
Smatana, Andrej ; Hranický, Radek (oponent) ; Polčák, Libor (vedoucí práce)
In the digital age, preserving user privacy has become increasingly complex due to sophisticated online tracking techniques like browser fingerprinting. This invasive method can be used to create a user's unique online profile, enabling persistent reidentification. This thesis investigates the strategy of applying little lies to disrupt fingerprinting by modifying browser API outputs. This thesis critically assesess existing and novel farbling techniques in a testing environment. Also, the study delineates the intricacies of fingerprinting, evaluates farbling methods, and proposes enhancements to JShelter, aiming to fortify user privacy against tracking practices.
|
|
|
Automated planning of password cracking tasks
Brandšteter, David ; Horák, Adam (oponent) ; Hranický, Radek (vedoucí práce)
This thesis aims to design and implement an extension module for the Fitcrack system. The extension is meant to help the user who is time-limited and can’t or is unable to estimate the duration of the attack. The extension is also helpful for the user who does not want to spend time setting up individual attacks. It is an automated scheduler that, based on a given time, creates several attacks, whose duration will correspond to the time required by the user. The planner’s output is a prepared set of attacks in the form of a batch, ready for use. Later in this thesis, there are described experiments that were used to verify the applicability of the solution.
|
|
|
Detection of DGA-based Botnets
Keznikl, Matej ; Setinský, Jiří (oponent) ; Hranický, Radek (vedoucí práce)
Botnets represent significant cybersecurity threats due to their potential to cause extensive damage to computer networks and systems. One primary method by which botnets conceal their existence and communicate with servers is through the use of Domain Generation Algorithms (DGA), which enable the dynamic creation of domain names for controlling the botnet. This thesis focuses on the design and development of a highly efficient and distributed detection system for analyzing communication patterns and behaviors of botnets within DNS network traffic and identifying domain names created based on DGA. Several machine learning techniques were compared, utilizing lexical features of domain names characteristic of DGA, to determine the classifier exhibiting the best results. The LightGBM classifier, achieving a ROC-AUC score of up to 99.18%, was subsequently integrated into the detection system. Unit testing of individual blocks and integration testing were performed to ensure the functionality and reliability of the entire system and the mutual compatibility of its components. The resulting implementation of the detection system achieves high accuracy in the binary classification of domain names created based on DGA, ensuring its readiness for effective deployment in real-world operational environments.
|
|
|
Controlling LEGO Powered-up Hub from EV3
Potoček, Jakub ; Polčák, Libor (oponent) ; Hranický, Radek (vedoucí práce)
This work deals with the communication between two incompatible programmable LEGO bricks, the LEGO Mindstorms EV3 and the LEGO Control+ Technic Hub. The task of this work was to create a communication interface enabling the transfer of data between these two bricks and thus enable the EV3 brick to send and possibly also receive data from the Technic hub brick. During the creation of this work, I designed and constructed two prototypes using an optical interface for data transmission. The second prototype enables two-way communication. This enables data from sensors and function return values to be transferred to EV3. Despite the fact that the resulting solution does not allow fast enough data transfer due to the technical limitations of the Technic hub brick, this solution is suitable for use by owners of these LEGO building blocks looking for ways to use both bricks when creating models.
|
|
|
Automatizované generování pravidel pro modifikaci hesel s využitím metod strojového učení
Šírová, Lucia ; Veselý, Vladimír (oponent) ; Hranický, Radek (vedoucí práce)
The success of password cracking using a dictionary attack is limited by the scope and quality of the used dictionary. One way to enhance the success rate of password cracking is to expand the dictionary with password mangling rules. These rules typically reflect human tendencies in password creation, such as appending numbers at the end of the password or capitalizing the first letter. This bachelor’s thesis describes a tool’s design and implementation process that aims to generate these rules by analysis of existing passwords, for example, from datasets obtained during security breaches. This tool enhances existing solutions by providing a choice of four distinct clustering methods. Unlike other rule-generating tools that leverage machine learning, it broadens the generated rules to nineteen unique types. Additionally, the tool offers customizable configurations for rule types and their priorities. Testing results suggest that the tool discussed in this bachelor’s thesis performs comparably or even better than a previously known state-of-the-art solutions.
|
host ::
RSS.