National Repository of Grey Literature: 56 records found (records 11 - 20)
Optimization of the Suricata IDS/IPS
Šišmiš, Lukáš ; Fukač, Tomáš (referee) ; Korček, Pavol (advisor)
In today's world of ever-faster network traffic, it is necessary to keep pace in monitoring it. Sufficient insight into what is happening in the network can prevent various attacks on targets located within it. IDS systems, which alert on events found in the analyzed traffic, help with this. The Suricata system was chosen for this thesis. The aim of the thesis is to tune the settings of Suricata with the AF_PACKET interface for optimal performance and subsequently to design and implement an optimization of Suricata. The results of the AF_PACKET measurements are to serve as a baseline for comparison with the proposed improvement. The proposed optimization implements a new interface based on the Data Plane Development Kit (DPDK) project. DPDK is able to accelerate packet reception and is therefore expected to increase Suricata's performance. An evaluation of the results and a comparison of the AF_PACKET and DPDK interfaces can be found at the end of the master's thesis.
Instant Messaging Network Analysis and Reconstruction (XMPP and MSN)
Zduba, Andreas ; Polčák, Libor (referee) ; Veselý, Vladimír (advisor)
This work examines the protocols used for communication between users and, based on the analysis of intercepted communications, selects the most important elements. The output consists of an experimental tool for the reconstruction of the input files and a PCAP parser description in the NPL language for future use.
DNS Anomaly Detection Based on the Method of Similarity and Entropy
Škorpil, Jiří ; Bartoš, Václav (referee) ; Kováčik, Michal (advisor)
This bachelor’s thesis deals with DNS anomaly detection in captured network traffic based on the method of similarity and the method of entropy. The aim of this work is the design and implementation of an application which implements both anomaly detection methods and, based on their results, decides on the occurrence of an anomaly. The application can handle captured traffic in pcap and NetFlow formats.
User Oriented QoS System
Plchot, Oldřich ; Matoušek, Petr (referee) ; Kašpárek, Tomáš (advisor)
This master's thesis deals with ways to guarantee quality of service in computer networks using a GNU/Linux operating system. The work compares and evaluates the tools necessary to guarantee quality of service. Its goal is to discuss the advantages and disadvantages of these tools and to design a system which handles the problem of quality of service. The designed system uses a heuristic which allows the user to set up the quality of service system without studying specific properties of communication protocols on the network or application layer. The work also includes a theoretical introduction to quality of service and computer networks.
Entropic models of data traffic
Blažek, Petr ; Mžourek, Zdeněk (referee) ; Slavíček, Karel (advisor)
This thesis examines the possibility of using entropy for anomaly detection in data communication, especially for security attacks. The main advantage of using entropy is the ability to identify unknown attacks, because entropy detects changes in network traffic but not the content, as existing methods do. The suitability of different entropy models (Shannon, Renyi, Tsallis) was tested in this work. The effect of the Renyi and Tsallis parameter on the resulting entropy was also tested. From the resulting values, I found that all tested entropies achieve good results in the identification of anomalies in network traffic.
Network Traces Analysis Using Apache Spark
Béder, Michal ; Veselý, Vladimír (referee) ; Ryšavý, Ondřej (advisor)
The aim of this thesis is to show how to design and implement an application for network trace analysis using the Apache Spark distributed system. The implementation can be divided into three parts: loading data from distributed HDFS storage, analysis of supported network protocols, and distributed data processing. The web-based notebook Apache Zeppelin is used as the data visualization tool. The resulting application is able to analyze individual packets as well as entire flows. It supports JSON and pcap as input data formats. The goal of the application is to allow Big Data processing. The input data format and the allocation of the available cores have the greatest impact on its performance.
Detection of P2P Networks
Březina, Matej ; Matoušek, Petr (referee) ; Tobola, Jiří (advisor)
This document deals with the design, implementation and testing of a software system for detecting p2p (peer-to-peer) networks based on a combination of BPF prefiltering and POSIX regular expression matching of packet payloads against known p2p protocol communications. The proposed detection system includes a database with some rules for the most widespread p2p protocols in a format resembling the definitions for the L7-filter classifier. The application is implemented in C, runs in userspace and is targeted at all POSIX-compatible platforms. The combination of the detector with user-attached QoS control is a complete solution for traffic reduction of common p2p protocols.
Analysis of Captured DNS Traffic
Hmeľár, Jozef ; Kekely, Lukáš (referee) ; Kováčik, Michal (advisor)
This thesis is focused on the analysis of captured DNS traffic. The introduction gives a basic description of computer networks, DNS and network flows. The work then focuses on an analysis of the NetFlow, IPFIX and PCAP formats, and on the analysis and implementation of a tool for analyzing DNS traffic in the C++ programming language. The conclusion is devoted to the results of the implemented tools.
Tunneled Data Extraction into Separate Flows
Nahálka, Roman ; Hranický, Radek (referee) ; Holkovič, Martin (advisor)
The goal of this work is to design and implement an application for the extraction of tunneled data into separate flows. The app removes all layers of encapsulation that the file contains. The use of the app lies in better analysis and diagnostics of network communication. Thanks to removing the tunnels from the network flow, it will contain only data we can use. In the theoretical part, the work focuses on the TCP/IP network architecture, tunneling protocols and ways of capturing communication on the network. The practical part describes the way of retrieving test data; it also contains a design of the target application, as well as the implementation of this design and testing of the final application.
Analysis Tool for the Network Traffic Content
Mareš, Martin ; Ryšavý, Ondřej (referee) ; Veselý, Vladimír (advisor)
This paper is about designing and implementing a tool for analysis of network traffic content. The work is part of the SEC6NET project at FIT - Brno University of Technology. The paper describes the specific requirements for such a tool and existing solutions. The main part is devoted to the design and implementation of a new tool, Netfox Detective. Several problems are handled: data persistence, performance, extensibility, etc. The last part of the work describes the possibilities and features of Netfox Detective. The work emphasises extensibility and future development of the created tool.
