National Repository of Grey Literature: 168 records found (records 159 - 168)
Detection of Malicious Domains Using Passive DNS Analysis
Doležal, Jiří ; Žádník, Martin (referee) ; Kováčik, Michal (advisor)
This master's thesis deals with the detection of malicious domains using analysis of passive DNS traffic, and with the design and implementation of a custom detection system. DNS traffic is becoming a target for many attackers, who take advantage of the fact that the DNS service is essential to the functioning of the Internet. Almost every Internet communication begins with a DNS query and response. Abuse of the DNS service, or exploitation of its weaknesses, manifests itself as anomalous behaviour of DNS traffic. This thesis contains a description of various methods used to reveal anomalies and malicious domains in DNS data. The main part of the thesis is the design and implementation of a system for detecting malicious domains. The implemented system was tested on DNS data obtained from real traffic.
Eluding and Evasion of IDS Systems
Černý, Marek ; Tobola, Jiří (referee) ; Žádník, Martin (advisor)
This paper analyzes network security devices called intrusion detection (ID) systems. In order to point out possible flaws, ID systems using signature analysis in particular are examined. Based on this, methods to exploit possible vulnerabilities of these systems were designed. These methods were implemented in a simple program for evaluating the efficiency of ID systems. It can be used in a way entirely independent of the particular network attack used in the test.
Web Portal for Network Traffic Reporting
Lízal, Miroslav ; Žádník, Martin (referee) ; Tobola, Jiří (advisor)
This thesis focuses on the development of a web portal which provides information about network traffic. It describes available technologies which can be used for network monitoring. It puts emphasis especially on NetFlow. This paper also describes the whole development cycle from analysis to implementation and testing. The outcome of this work is an online system, based on the PHP language and a PostgreSQL database, which creates reports on the network traffic and makes them accessible via WWW. It is also able to save these reports to a PDF file.
Compression of IP Flow Records
Kaščák, Andrej ; Kajan, Michal (referee) ; Žádník, Martin (advisor)
My Master's thesis deals with the problems of flow compression in network devices. Its outcome should alleviate memory consumption of the flows and simplify the processing of network traffic. As an introduction I provide a description of protocols serving for data storage and manipulation, followed by a discussion of the possibilities of compression methods that are employed nowadays. In the following part there is an in-depth analysis of source data that shows the structure and composition of the data and brings up useful observations, which are later used in the testing of existing compression methods, as well as about their potential and utilization in flow compression. Later on, I venture into the field of lossy compression and, based on the test results, a new approach is described, created by means of flow clustering and their subsequent lossy compression. The conclusion contains an evaluation of the possibilities of the method and the final summary of the thesis along with various suggestions for further development of the research.
Validation of Network Parameters Based on Network Monitoring
Martínek, Radim ; Veselý, Vladimír (referee) ; Žádník, Martin (advisor)
The Master's thesis presents a theoretical introduction, familiarization with the issue and an implementation of a solution for a "network parameter validation" tool, which is founded on the principle of network traffic monitoring. Firstly, the current development of computer network setup is analyzed along with its limitations. This is the starting point for the introduction of a new approach to the implementation and verification of required network settings, which uses techniques of verification, simulation and validation. After the introduction into the context, validation techniques are specifically examined. The thesis's main contribution lies in the capacity to determine appropriate parameters, which can be used for validation and also for implementation of the tool which ensures the validation process. The network traffic, which characterizes the behavior of the network, is collected by NetFlow technology, which generates network flows. These flows are subsequently used by the designed tool for validation of the required network parameters. Overall, this process verifies whether the main computer network requirements have been met or not.
Malicious Domains Detection Using Analysis of DNS Traffic
Ambrušová, Eva ; Žádník, Martin (referee) ; Kováčik, Michal (advisor)
The aim of this thesis is the detection of malicious domains based on passive analysis of DNS traffic. It presents the design and implementation of a system which performs DNS anomaly detection based on the structure of the domain name, using entropy and frequency characteristics of n-grams. The system was tested on DNS data obtained from real traffic, and the functionality of the implemented detectors was verified by testing and analysis of the results.
Automated Development of Network Attack Detectors
Huták, Lukáš ; Kováčik, Michal (referee) ; Žádník, Martin (advisor)
The thesis is focused on automated development of network attack detectors. It describes a design of patterns developed for normal and offensive behaviors based on monitoring network traffic of selected services. Patterns are represented by statistics with a focus on suitable metrics. Using machine learning algorithms, attack detectors are created from behavioral patterns. Finally, a module was implemented for the Nemea system in the C/C++ programming language based on the proposal.
Optimization of NetFlow Data Search Using nfdump
Kubovič, Martin ; Žádník, Martin (referee) ; Bartoš, Václav (advisor)
This bachelor thesis deals with optimization of NetFlow data search using the nfdump tool. The thesis describes the NetFlow protocol and the nfdump tool and proposes a solution using the Bloom filter data structure. The main goal was to optimize data storage and processing in order to be able to search the huge amounts of collected data and get results very quickly. The outcome of this thesis is an optimized tool that network administrators can use to search these data and significantly accelerate network monitoring and analysis.
Effective Network Anomaly Detection Using DNS Data
Fomiczew, Jiří ; Žádník, Martin (referee) ; Kováčik, Michal (advisor)
This thesis describes the design and implementation of a system for effective detection of network anomalies using DNS data. Effective detection is accomplished by the combination and cooperation of detectors and detection techniques. Flow data in NetFlow and IPFIX formats are used as input for detection. Packets in pcap format can also be used. The main focus is on detection of DNS tunneling. The thesis also describes the Domain Name System (DNS) and anomalies associated with DNS.
