National Repository of Grey Literature: 138 records found (records 11 - 20)
Neural Networks for Network Anomaly Detection
Matisko, Maroš ; Martinásek, Zdeněk (referee) ; Blažek, Petr (advisor)
This bachelor thesis is focused on creating a system to mitigate computer network attacks. One of the most common groups of attacks is Distributed Denial of Service (DDoS) attacks, against which this system should protect the internal network. The theoretical part of the thesis describes DDoS attacks, existing systems for their mitigation, the principle of neural networks and their use. The practical part consists of choosing communication parameters, constructing a neural network using these parameters, implementing this neural network in a real-time attack mitigation system, and the results of testing this system.
Detection of anomalies in network traffic using compression methods
Blažek, Libor ; Dvořák, Jan (referee) ; Blažek, Petr (advisor)
The objective of the thesis is to design a practical demonstration of the functionality of selected compression methods. The following chapters will discuss the attacks on terminals and mention some measures. The show will be processed using two methods development environment. The attacks will detect anomalies in the network and subsequently carried out at one of the sample data compression methods. Data will be collected during normal operation at the terminal station, and then during the attack.
Behavioral Analysis of DDoS Network Attacks
Kvasnica, Ondrej ; Homoliak, Ivan (referee) ; Očenášek, Pavel (advisor)
This bachelor thesis deals with anomaly detection in computer networks using an artificial intelligence method. The main focus is on the detection of DDoS attacks based on information from the lower layers of the OSI model. The goal is to design and implement a system that is capable of detecting different types of DDoS attacks and to characterize common features among them. The selected attacks are SYN flood, UDP flood and ICMP flood. A description and feature selection of the attacks is included. Furthermore, a system is designed that evaluates whether the network traffic (organized into flows) is a DDoS attack or not. Attacks are detected using the XGBoost method, which uses supervised learning. The final model is validated using cross-validation and tested on attacks generated by the author.
Implementation of plugins for JMeter
Švehlák, Milan ; Člupek, Vlastimil (referee) ; Martinásek, Zdeněk (advisor)
This thesis discusses the load testing tool JMeter and the options for extending it with modules that carry out Denial of Service (DoS) cyber attacks. It begins with a theoretical overview of cyber attacks of this type. The following chapter covers the JMeter tool, namely its functions and expansion options. After that, the thesis proceeds to the actual design and realization of the modules. The module implementing the HTTP Flood attack is created first. This module uses internal functions of the JMeter program. This new module is tested. The next chapter follows the procedure of creating modules that use an external generator of network traffic. The SYN Flood, ICMP Flood and NTP Flood modules are implemented using the Trafgen generator. The module implementing the Slowloris attack uses a Python script as the generator of the attack. Finally, all the new modules are tested.
Anomaly detection by neural networks
Strakoš, Jan ; Sikora, Marek (referee) ; Blažek, Petr (advisor)
This bachelor thesis is focused on the detection of anomalies, represented as computer network attacks, by a neural network. One of the most common groups of attacks is Distributed Denial of Service (DDoS) attacks, which the system based on a neural network should identify. The theoretical part of this thesis describes legitimate, non-standard and illegitimate traffic. Another part of this chapter describes DDoS attacks, options for their detection, the principle of neural networks and their use. The practical part describes the chosen communication parameters, specifying the threshold intervals of legitimate traffic, constructing a neural network which uses these parameters and threshold intervals, implementing the neural network into the system, and presenting the results.
Generating of flood attacks
Hudec, David ; Hajný, Jan (referee) ; Smékal, David (advisor)
The assessment consists of two parts, describing the theory and the generation of flood attacks respectively. The first part covers the analysis of flood attacks, deals with the available techniques and practices known in the area, and presents a computer simulation program revealing the behavior of a contested network as well as the attacker's procedure. In the following part, the data generating solutions themselves are described. These are represented by two hardware programs, adapted from existing solutions, and one C# application, created by the author. A comparison of these two approaches is included, as are the generation results and a mitigation proposal.
Characterization of Network Operation of Computers and Their Groups
Kučera, Rostislav ; Homoliak, Ivan (referee) ; Očenášek, Pavel (advisor)
The aim of this work is to implement a module for detecting DDoS attacks. The module processes network traffic, processes it, stores its profile, from which statistical data used for the detection itself are subsequently calculated. The work also deals with the implementation of the module for the intrusion detection system Suricata.
Inference of DDoS Mitigation Rules
Jacko, Daniel ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
This thesis focuses on DDoS attacks, their types and the means of their mitigation. The aim of the thesis is to design and implement an algorithm that is able to derive rules to block DDoS attacks. For this, we chose a machine learning algorithm, a decision tree, which starts operating as soon as the attack is detected. The algorithm operates on a sample of data detected during the attack and a sample of legitimate communication. The thesis also includes a description of the BPF format and an overview of the executed experiments.
Analysis of DDoS Backscatter Traffic in Network Flow Data
Marušiak, Martin ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
This work focuses on the detection of denial of service (DoS) attacks which utilize random spoofing of the source IP address in attack packets. These types of attacks generate a side effect in the form of backscatter that can be used to identify victims of such attacks. Backscatter analysis has so far been limited to unused address space ranges referred to as network telescopes. This work therefore proposes a new method of DoS attack detection via backscatter outside of the network telescope environment, where legitimate user traffic is also present. Furthermore, the proposed approach uses only abstracted traffic in the form of network flows. The presented method was implemented as part of the NEMEA system and tested on a real flow data capture provided by CESNET.
System for the Protection against DoS Attacks Using IDS
Mjasojedov, Igor ; Fukač, Tomáš (referee) ; Kučera, Jan (advisor)
This bachelor's thesis deals with the use of the Intrusion Detection System in the protection of computer networks against Denial of Service attacks. Suricata is the IDS system chosen for this purpose. The main goal of the thesis is to integrate the Suricata system with the DDoS Protector device. DDoS Protector - DCPro is a security network device, which uses, from a software perspective, DPDK technology for high-speed network traffic processing. Due to this fact, this technology was also integrated into the Suricata system. After this integration, the communication between DDoS Protector and Suricata system was allowed more easily. As a result, two DPDK compatible regimes were created in the Suricata system. The individual regime allows Suricata to process network data directly from the network interface card. The second, integrated regime allows DCPro to send network data to the Suricata system for highly precise analysis, which significantly extends DDoS Protector's attack detection abilities.
