|
|
Multiplatform Linux Sandbox for Analyzing IoT Malware
Uhříček, Daniel ; Burget, Radek (oponent) ; Kolář, Dušan (vedoucí práce)
Diversity of processor architectures used by IoT devices complicates IoT malware analysis. This thesis summarizes current state of static, dynamic, and network analysis and it evaluates existing open source solutions of sandboxes providing automated analysis. It proposes a design of a modular system that is easy-to-use, has available REST API, and web interface. The implementation supports five processor architectures. It was tested on current IoT malware samples.
|
|
| |
|
|
Virtualized Environment for Analysis of Malware Traffic
Martykán, Tomáš ; Kolář, Dušan (oponent) ; Uhříček, Daniel (vedoucí práce)
Malware is a major threat to the security of the Internet. This bachelor's thesis presents a virtual environment for the analysis of malware network traffic. Its approach uses the Rust programming language to develop a software firewall capable of intelligently filters network traffic, allowing malware to run without risk in sandboxes. The evaluation of the solution demonstrates its effectiveness in different scenarios to filter and analyze various types of malware while minimizing the risk associated with running malware samples.
|
|
|
Collaborative Machine Learning in the Context of Network Security
Hejcman, Lukáš ; Uhříček, Daniel (oponent) ; Žádník, Martin (vedoucí práce)
Machine learning methods have long been applied to the areas of network monitoring and security due to their ability to analyze and classify data at a rapid rate. However, the advancement in computer network speeds and throughput makes creating and managing datasets in a distributed setting more difficult due to their size. Furthermore, sharing such datasets containing captured network traffic of the network’s users presents a grave privacy concern. Thus, methods of collaborative machine learning are being explored in this domain. However, the existing solutions to implementing collaborative machine learning are either proof-of-concept tools or production frameworks, and very little focus is given to bridging this gap. This thesis presents a new framework for collaborative machine learning called FERDINAND, which bridges this gap by focusing on on-the-fly model updates, extensibility, and easy configuration. This framework was developed in close cooperation with the CESNET research team focusing on network monitoring and security, and is implemented to be a viable production-grade tool that can be deployed on the backend infrastructure of CESNET. This work further explores the viability of using the FERDINAND framework within the context of network monitoring by applying it to state-of-the-art methods for the detection of malicious devices or the classification of DNS over HTTPS traffic. Lastly, future development directions for the framework are explored.
|
|
|
Enrichment of IP Flow Records with Data from External Sources
Zvara, Adam ; Uhříček, Daniel (oponent) ; Žádník, Martin (vedoucí práce)
This thesis addresses the enhancement of network flows from the viewpoint of a collector, obtained through NetFlow/IPFIX monitoring architecture. The primary objective is to extend the IPFIXcol2 collector with interfaces that can be utilized to develop new modules capable of enriching network flows. The proposed approach involves designing and implementing two modules, namely ASN and GeoIP, to enrich flows with information related to autonomous system numbers and geolocation. After implementing these modules, performance evaluations are conducted to assess their impact on the collector’s overall efficiency.
|
|
| |
|
|
Multiplatform Linux Sandbox for Analyzing IoT Malware
Uhříček, Daniel ; Burget, Radek (oponent) ; Kolář, Dušan (vedoucí práce)
Diversity of processor architectures used by IoT devices complicates IoT malware analysis. This thesis summarizes current state of static, dynamic, and network analysis and it evaluates existing open source solutions of sandboxes providing automated analysis. It proposes a design of a modular system that is easy-to-use, has available REST API, and web interface. The implementation supports five processor architectures. It was tested on current IoT malware samples.
|
host ::
RSS.