|
|
Intelligent Mailbox
Pohlídal, Antonín ; Drozd, Michal (referee) ; Chmelař, Petr (advisor)
This master's thesis deals with the use of text classification for sorting of incoming emails. First, there is described the Knowledge Discovery in Databases and there is also analyzed in detail the text classification with selected methods. Further, this thesis describes the email communication and SMTP, POP3 and IMAP protocols. The next part contains design of the system that classifies incoming emails and there are also described realated technologie ie Apache James Server, PostgreSQL and RapidMiner. Further, there is described the implementation of all necessary components. The last part contains an experiments with email server using Enron Dataset.
|
|
|
Detection of Dictionary Attacks on Network Services Using IP Flow Analysis
Činčala, Martin ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
Existing research suggests that it is possible to detect dictionary attacks using IP flows. This type of detection was successfully implemented for SSH, LDAP and RDP protocols. To determine whether it is possible to use the same methods of detection for e-mail protocols virtual test environment was created. I deduced the characteristics of attacks in flows from the data, which I gained from this virtual environment. Than I chose the statistical value that separates the attacks from legitimate traffic. Variance of specific flow parameters was chosen as main characteristic of attacks. IP addresses with flows that have small variance of chosen parameters and high frequency of packet arrival are considered untrustworthy. Variance is calculated from IP history to rule out false positives. The IP history of legitimate user contains variation of flows which prevents marking this IP address as dangerous. On the basis of this principal the script, which detects the attacks from the nfdump output, was created. The success of detection of the attacks was tested on classificated data from the real environment. The results of tests showed, that with good configuration of marginal values the percentage of detected attacks is high and there are no false positives. Detection is not limited only on mail protocols. With regard to universal design, the script is able to detect dictionary attacks on SSH, LDAP, SIP, RDP, SQL, telnet and some other attacks.
|
|
|
Traffic detection and analysis using SSL/TLS
Hutar, Jan ; Dvořák, Jan (referee) ; Smékal, David (advisor)
This diploma thesis deals with a detection and analysis of secure connections of electro- nic communication through SSL/TLS protocols. The thesis begins with introduction to SSL/TLS protocols. Thereafter, an analysis of messages used to establish secure con- nections using STARTTLS and postal protocols SMTP, POP3, and IMAP was made. Metadata detection and extraction of secured simplex and duplex connections take place using deep packet inspection tools. The tool of choice is the nDPI library from the Ntop project. The library was extended to detect the connections and extract the metadata based on studies and analysis of transmitted messages. Finally, testing is performed on a training data set and a basic analysis of acquired metadata is made.
|
|
|
Stress testing of email communication
Takács, Peter ; Sikora, Marek (referee) ; Člupek, Vlastimil (advisor)
Táto práca sa zaoberá vylepšením SMTP a Mail Reader Samplerov pre JMeter, ktoré umožňujú výber konkrétnych sieťových rozhraní, podporu IPv6 a možnosť testovania pomocou viacerých zdrojových IP adries a portov a vývojom nového modulu, ktorý dokáže spúšťať a zastavovať služby e-mailového servera. Teoretická časť sa zameriava na protokoly používané v e-mailovej komunikácii vrátane protokolov SMTP, IMAP a POP3 a na funkčnosť testovania výkonnosti. Praktická časť sa zameriava najmä na vylepšenie vzorkovača SMTP, vzorkovača čítačky pošty a vývoj nového modulu emulátora e-mailového servera. Testuje sa v nej aj funkčnosť a vplyv nových funkcií a modulov. Výsledky týchto testov sú analyzované na konci tejto práce.
|
|
|
Email Server as a Windows Network Service
Jalůvka, Petr ; Ráb, Jaroslav (referee) ; Očenášek, Pavel (advisor)
Email is one of the most used services on the Internet. It's hard to find a user with less than one own mailbox. These mailboxes are usually located on servers controlled by someone else than mailbox owners. Users trying to create their own email serverhave to install unix system and go through hard configuration process of the email server. Purpose of this work is to familiriaze reader with email history and protocols and then introduce design and implementation of an email server with easy configuration for Windows NT platform.
|
|
|
International Alphabets in Network Traffic Monitoring
Talašová, Irena ; Vrána, Roman (referee) ; Polčák, Libor (advisor)
This work deals with the implementation of support for network identifiers containing national characters in the SProbe software project, which is designed to monitor network flows. It was necessary to test and evaluate the status of selected network applications working over SMTP, POP3, IMAP, FTP or SIP protocols. On the basis of the information obtained, an extension of the current software project SProbe was proposed - a module to support network traffic monitoring with national alphabet characters. The proposed solution was then implemented and the functionality of the entire resulting system was tested. In addition, this work proposes and implements a modification of the test environment for faster and more efficient testing of the system focusing on tests containing diacritics.
|
|
|
Network Protocols Semiautomatic Diagnostics
Svoboda, Ondřej ; Ryšavý, Ondřej (referee) ; Holkovič, Martin (advisor)
This thesis is about semiautomatic network protocol diagnostics and creating protocol description from eavesdropped communication. Several network eavesdropping techniques and some common programs for network analysis are introduced. Well-known network protocols are described, with focus on their communication messages. Some already existing methods for creating models from examples are mentioned and their characteristics defined. Next we design architecture of developed tool and some methods, that create protocol description. After that we explain implementation of this tool and finally the tool is tested and experimented with.
|
|
|
Traffic detection and analysis using SSL/TLS
Hutar, Jan ; Dvořák, Jan (referee) ; Smékal, David (advisor)
This diploma thesis deals with a detection and analysis of secure connections of electro- nic communication through SSL/TLS protocols. The thesis begins with introduction to SSL/TLS protocols. Thereafter, an analysis of messages used to establish secure con- nections using STARTTLS and postal protocols SMTP, POP3, and IMAP was made. Metadata detection and extraction of secured simplex and duplex connections take place using deep packet inspection tools. The tool of choice is the nDPI library from the Ntop project. The library was extended to detect the connections and extract the metadata based on studies and analysis of transmitted messages. Finally, testing is performed on a training data set and a basic analysis of acquired metadata is made.
|
|
|
Probe for the Application Protocols Monitoring
Fukač, Tomáš ; Košař, Vlastimil (referee) ; Viktorin, Jan (advisor)
This work describes an extension of the Microprobe functionality for detection and filtering of application protocols. The Microprobe is an embedded system designed for monitoring network links at speed 1 Gb/s without loosing any packets. The detection of application protocols requires using of computationally expensive operations, especially string lookup (usually based on regular expressions). Based on the study of several protocols (SMTP, POP3, FTP, SIP) a draft of a new architecture has been created. The new architecture splits this functionality between programmable logic FPGA and processor. The FPGA performs preprocessing of network traffic consisting of a lookup for user identifiers and protocol-specific patterns. The processor verifies that it is the requested communication. The processor does not need to process the entire network traffic but only the part pre-filtered in the FPGA. The software part is extended by a module for the analysis of SMTP which allows processing of more than 5,000 network flows per second. Support for other protocols can be added by an extension of the software part.
|
|
|
IMAP Proxy for POP3 Mailboxes
Kružliak, Miroslav ; Burget, Radek (referee) ; Kolář, Dušan (advisor)
This bachelor's thesis deals with retrieving e-mails from different accounts on POP3 servers and their organisation in one account on IMAP server. It also studies settings and configuration of IMAP servers in enviroment of operating system Linux. Protocols IMAP and POP3 are briefly compared here from implementation point of view. Further it studies possibilities of periodical start of processes and secure saving of sensitive information. In this part of my thesis main methods of cryptography are shortly confronted.
|
guest ::
