National Repository of Grey Literature: 37 records found (records 11 - 20)
Generator of Network Attack Traces
Daněk, Jakub ; Kořenek, Jan (referee) ; Bartoš, Václav (advisor)
The thesis describes the design and implementation of a Nemea system module intended for generating records of simulated network attacks. The thesis also contains a brief description of the Nemea system and of several network attacks. Finally, the work describes the simulated attacks and the methods of simulation.
Network Traffic Analysis Based on Sketches
Dřevo, Aleš ; Kekely, Lukáš (referee) ; Bartoš, Václav (advisor)
The aim of this thesis is to create a program for network traffic analysis and for detection of anomalies in the traffic. The Heavy-Changes Detection technique, which falls within the data stream algorithm category, is used to do so. Special structures called sketches are used for data processing. These structures are capable of maintaining large amounts of data with low memory consumption. Programs from the Nemea system, for which this project is created, are used for gathering the necessary network data.
Detection of Malicous Traffic in Local Network
Šabík, Erik ; Kováčik, Michal (referee) ; Žádník, Martin (advisor)
This bachelor's thesis discusses monitoring local networks using IP flows. It describes the Nemea framework, which is used for building complex systems for detecting malicious traffic. Data from three different networks was analysed using this framework. Based on this analysis, a design for detection of malicious traffic in a local network was created. The detection method monitors network traffic for suspicious communication targeting IP or URL addresses that are listed in public blacklists. The detection method is evaluated on various traffic samples, and the results show that the three analysed samples belong to networks that are well managed and secured, since communication with the blacklisted entities is rare.
Automated Development of Network Attack Detectors
Huták, Lukáš ; Kováčik, Michal (referee) ; Žádník, Martin (advisor)
The thesis is focused on automated development of network attack detectors. It describes a design of patterns developed for normal and offensive behaviors based on monitoring network traffic of selected services. Patterns are represented by statistics with a focus on suitable metrics. Using machine learning algorithms, attack detectors are created from behavioral patterns. Finally, based on the proposal, a module was implemented for the Nemea system in the C/C++ programming language.
Detection of Brute-Force Password Attack in Network Traffic
Hurta, Marek ; Grégr, Matěj (referee) ; Žádník, Martin (advisor)
This bachelor's thesis is aimed at monitoring of computer networks using IP flows. It describes the NEMEA framework, which is used for creating modules. These modules are able to detect network anomalies and attacks. The next part describes a few methods by which the SSH, RDP and Telnet protocols could be attacked. The following chapters analyze some types of attacks, such as Dictionary or Brute-Force attacks, and try to find their common characteristics. Based on this analysis, a signature of the attack is created. The proposed detection algorithm uses these signatures for computing detection thresholds, which are used in histogram analysis. Finally, the results of the proposed detection algorithm are compared with the results from other known methods.
Secure Gateway for Wireless IoT Protocols
Hošala, Martin ; Hujňák, Ondřej (referee) ; Kořenek, Jan (advisor)
This work focused on creating a functional prototype of a secure gateway for wireless IoT protocols using the BeeeOn IoT Gateway. To create the resulting solution, it was necessary to analyse existing IoT security systems, design their integration with the BeeeOn Gateway, and deploy the system. The security systems used in this work were NEMEA modules developed within the SIoT project. The resulting solution runs on a Turris Omnia router and consists of the BeeeOn Gateway, five SIoT detection modules and other NEMEA modules needed for the full functionality of the detectors. Potential threats are detected in Z-Wave, BLE and LoRaWAN networks. The user can interact with the system through the web interface of the Coliot system, which is also part of the resulting solution and serves to store and present detection results. The functionality of the system was verified experimentally and by a set of integration tests. Testing revealed many shortcomings associated with the subsystems used, and most of them were fixed. The resulting system is used within the SIoT project.
Detection and Automatic Analysis of Network Scans
Procházka, Aleš ; Kováčik, Michal (referee) ; Krobot, Pavel (advisor)
This bachelor thesis is focused on computer network monitoring that utilizes flows. Firstly, the Nemea framework is described, which can be used to build a complex system for network attack detection, and for which a module is developed within the thesis. Secondly, port scanning is explained and different methods that can be used to scan ports are defined. The module is designed to detect horizontal scanning. The idea behind this method is to compare the number of unique destination IP addresses that were contacted on a specific port with a given threshold in a specific time window. Finally, in the practical part of the thesis, the implementation of the module is described and the results of experiments on real data from Cesnet are presented.
Visualization of Network Security Events
Stehlík, Petr ; Kováčik, Michal (referee) ; Krobot, Pavel (advisor)
This thesis focuses on visualization of network security events via modern web technologies. Multiple technologies for creating a modern web application supporting visualization of a large volume of security events were studied. The application was designed for the NEMEA system, which thanks to this thesis acquired a graphical user interface allowing visual analysis of big data. Visualized events allow drill-down analysis. The application operates on security events stored in the IDEA format, which is used among other network security services, and the application is therefore transferable to them. NEMEA Dashboard has been tested on the target group of network administrators using acceptance tests.
Profiling of Network Traffic for DDoS Mitigation
Ligocká, Alexandra ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
The aim of this work is to propose metrics for DDoS attack detection and for setting the thresholds of normal network traffic in a given computer network at different levels of detail. Based on the selected metrics and network flow data, a network profile is extracted and afterwards stored in memory. Within the implementation part, this work deals with the implementation of a program for the collection and calculation of the specified metrics, their processing and storage, and provides a simple interface giving access to the stored data.
Fingerprinting and Identification of TLS Connections
Hejcman, Lukáš ; Kocnová, Jitka (referee) ; Kekely, Lukáš (advisor)
TLS is today the most popular encryption protocol used on the Internet. Its goal is to provide a high level of security and privacy for communication between devices. However, it poses a challenge for network monitoring and management, because communication encrypted with this protocol cannot be analysed at scale using existing methods based on detailed analysis of packet contents. Analysis of encrypted communication can help administrators detect malicious activity in their networks and can also help them identify potential security threats. In this thesis I present a method that allows us to take advantage of two TLS fingerprinting methods, JA3 and Cisco Mercury, to determine the operating system and processes of clients in a computer network. The proposed method is able to achieve comparable or better results compared to the existing Cisco Mercury approach for selected datasets, while also providing options for more detailed analysis of classifications than JA3. The thesis also implements a module for the NEMEA system that is able to analyse TLS traffic using the newly proposed approach.
