National Repository of Grey Literature: 85 records found (records 1 - 10)
Distributed system for suppression of DoS attacks
Beneš, Dalibor ; Žádník, Martin (referee) ; Šišmiš, Lukáš (advisor)
Protection against distributed denial-of-service (DDoS) attacks is one of the key areas of network security. One possible form of protection is the DCPro DDoS Protector device developed by the CESNET association. CESNET also operates the IPFIXcol2 and NEMEA systems for monitoring and analysing network traffic, and additionally offers the option of using the sFlow network monitoring protocol. The goal of this thesis is to design and carry out the integration of these systems and thereby create an effective system for suppressing denial-of-service attacks. In working toward this goal, emphasis was placed on effective use of existing solutions, reusability, and the possibility of future extension of the whole distributed architecture.
Malware Analysis at the Network Flow Level
Brázda, Šimon ; Setinský, Jiří (referee) ; Poliakov, Daniel (advisor)
This thesis explores freely available datasets and investigates their applicability to training machine learning models. The ipfixprobe tool was used to extract data from the dataset, and Python was used for further implementation. The theoretical part discusses basic application protocols and network monitoring capabilities at the flow level, as well as different types of malware and types of machine learning models applicable to network flow classification. Subsequently, these models were used to test the applicability of the selected dataset, which was thus validated.
Distributed Tool for Extraction of Information from Network Flows
Sedlák, Michal ; Grégr, Matěj (referee) ; Žádník, Martin (advisor)
This work deals with the extraction of information from flow records that are the result of network monitoring by the IPFIX system. The goal of the work is to design a tool that allows querying stored network flows created by the open-source collector IPFIXcol2. Querying is performed with the highest possible efficiency and performance in mind, which is achieved by using appropriate data structures and thread-level parallelization, as well as by using multiple machines.
Distributed Processing of IP flow Data
Krobot, Pavel ; Kořenek, Jan (referee) ; Žádník, Martin (advisor)
This thesis deals with distributed processing of IP flow data. The main goal is to provide an implementation of a software collector that allows storing and processing huge amounts of network data. Hadoop, an open-source framework for distributed processing of large data sets based on the MapReduce paradigm, was studied. Experiments with this system provided a comparison with current systems and showed the weaknesses of the framework. Based on this knowledge, a specification and scheme for an extension of the current software collector were created within this work. Following this scheme, a query framework was implemented for the resulting collector, as querying is considered the most critical part of distributed processing of IP flow data. Results of experiments with the implementation show significant performance growth and linear scalability for some types of queries.
Design and implementation of network collector
Bošeľa, Jaroslav ; Horváth, Tomáš (referee) ; Oujezský, Václav (advisor)
This master’s thesis describes the network flow information protocol, mainly the definition of Cisco NetFlow version 9. It describes its features, message format and the attributes of the transmitted data. The thesis focuses primarily on the transmitted NetFlow v9 template, which defines the fields and data in the subsequent data flow. The core of the thesis is the implementation of a simple NetFlow v9 parser written in Python, its testing on captured UDP data from a file, and port capture testing on a development server in the lab. The implementation can also save captured and parsed data into a prepared database as the output of capturing.
Flexible Network Flow Measurement
Varga, Ladislav ; Tobola, Jiří (referee) ; Žádník, Martin (advisor)
This thesis deals with designing a probe for measuring network flows. It contains a theoretical analysis of network measurement and a description of the algorithms and principles used for network flow measurement. The probe architecture emphasizes an efficient indexing algorithm and flow record flexibility, so that the user is able to define the format of the flow record.
System for Monitoring of Network Protocols
Selecký, Roman ; Dražil, Jan (referee) ; Kořenek, Jan (advisor)
Networks need to be monitored, namely for diagnostics, troubleshooting, and detection of anomalies and suspicious header encapsulations. This thesis aims to design and implement a system for monitoring protocol structure on 10 Gb networks that is able to capture packets based on the sequence of encapsulated protocols. To achieve the requested throughput, some tasks, such as packet parsing and packet filtering, were accelerated in an FPGA. Flexibility is achieved by using a tool that maps P4 programs, which define the packet parsing process, to VHDL. Based on the information gained from packet parsing, flow records are created and stored via the IPFIX protocol. This information is displayed through a graphical user interface in the form of a protocol tree whose nodes are associated with flow records.
IP Flow Filter
Štoffa, Imrich ; Krobot, Pavel (referee) ; Wrona, Jan (advisor)
This thesis focuses on unifying the filtering languages used by an IP flow collecting program and a library for flow analysis. At the moment, these implementations use different filtering modules and file formats, which leads to inconsistencies in results. In response, a single filtering module was proposed as part of an effort to better integrate collection and analysis of IP flows using these programs. The module aims to provide one implementation, with support for a popular filtering language, for use in both programs. The thesis contains a theoretical introduction to flow monitoring in networks and describes algorithms useful for evaluating conditions on flow records and packets. The core of the author's work is the design and implementation of the filtering module and its wrappers for the collector and the analysis library. Results of performance tests and an evaluation of features can be found in the thesis's conclusion.
Data Profiling Using IPFIX Mediator
Kozubík, Michal ; Bartoš, Václav (referee) ; Kořenek, Jan (advisor)
This thesis deals with network data profiling using an IPFIX mediator. The main task is effective data filtering and configurable profile management. Profile management is still not available for the IPFIX mediator, which makes analysis of network traffic more difficult for users. Therefore, this thesis deals with the design and implementation of configurable profile management as a plug-in for the IPFIX mediator. The plug-in uses a hierarchy of profiles with filtering rules for data sorting.
Detection of Cryptocurrency Miners Based on IP Flow Analysis
Šabík, Erik ; Krobot, Pavel (referee) ; Žádník, Martin (advisor)
This master’s thesis describes general information about cryptocurrencies, the principles used in the process of creating new coins, and why mining cryptocurrencies can be malicious. Further, it discusses what an IP flow is and how to monitor networks by monitoring network traffic using IP flows. It describes the Nemea framework, which is used to build a comprehensive system for detecting malicious traffic. It explains how the network data containing communications of the cryptocurrency mining process were obtained and then provides an analysis of this data. Based on this analysis, methods capable of detecting cryptocurrency mining using IP flow records are proposed. Finally, the proposed detection method was evaluated on various networks and the results are further described.
