|
|
Intrusion detection and prevention systems
Pitschmann, Andrej ; Blažek, Petr (referee) ; Martinásek, Zdeněk (advisor)
The terminal essay aims to introduce the issue of IDS and IPS and their incorporation into a network. An analysis of pros and cons of used open source IDS/IPS systems will be created together with their inclusion into the network. In addition, we focus on the issue of NIDS that will be located in the network’s path of communication among end users. Following the appropriate setting of NIDS of a client we will be receiving and analyzing all communication directed from the attacker with the help of Snort and Suricata programs. The activities will be conducted thanks to a downloaded package and in the case of a need we will use our own rules that will guide the NIDS system of data control. Regarding the testing phase, we have used the SYN flood attack on server via program Hping3 in OS Linus Kali, which is a distribution created with an aim to conduct a penetration tests and in addition it includes several useful programs. The NIDS will help us to gradually control captured packets.
|
|
|
Construction of Nondeterministic Finite Automata
Stanek, Timotej ; Šimek, Václav (referee) ; Kaštil, Jan (advisor)
This thesis discuss about dilemma in construction of nondeterministic finite automata from PCRE expressions with respect of their parameters with use in Intrusion Detection Systems. There is showed PCRE expressions syntax too. We discussed two different approaches to construct nondeterministic finite automata from PCRE expressions. The implementation of these two algorithms is described. We constructed finite automata with them from expressions of three Intrusion Detection Systems: SNORT, Bro IDS and L7-Filter, and finally we compared their parameters and deduced conclusions.
|
|
|
Behavioral Analysis of Network Traffic and (D)DoS Attack Detection
Chapčák, David ; Hajný, Jan (referee) ; Malina, Lukáš (advisor)
The semestral thesis deals with the analysis of the modern open-source NIDPS tools for monitoring and analyzing the network traffic. The work rates these instruments in terms of their network location and functions. Also refers about more detailed analysis of detecting and alerting mechanisms. Further analyzes the possibilities of detection of anomalies, especially in terms of statistical analysis and shows the basics of other approaches, such as approaches based on data mining and machine learning. The last section presents specific open-source tools, deals with comparison of their activities and the proposal allowing monitoring and traffic analysis, classification, detection of anomalies and (D)DoS attacks.
|
|
|
Intrusion Detection in Computer Network
Hank, Andrej ; Martínek, Tomáš (referee) ; Kořenek, Jan (advisor)
Continuous spreading and growing bandwidth of computer networks brings many security threats. Intrusion Detection System (IDS) is a mean to provide network security. Software IDS aplications gain only low throughput and that is why hardware accelerators are under heavy development. Probe Traffic Scanner is a hardware accelerator developed in Liberouter project with use of FPGA technology. Main core of acceleration is searching packet payload for simple suspicious strings. Regular expressions provide complex way of describing strings. This bachelor thesis adds feature of searching according to Perl Compatible Regular Expressions (PCRE) to Traffic Scanner Probe by implemented transformer. In addition design and implementation of control software allowing users to use functions provided by the Probe have been created. Conception of intrusion detection in network utilizing Traffic Scanner is outlined so as possibilities of cooperation with other security devices.
|
|
|
Machine Learning from Intrusion Detection Systems
Dostál, Michal ; Očenášek, Pavel (referee) ; Hranický, Radek (advisor)
The current state of intrusion detection tools is insufficient because they often operate based on static rules and fail to leverage the potential of artificial intelligence. The aim of this work is to enhance the open-source tool Snort with the capability to detect malicious network traffic using machine learning. To achieve a robust classifier, useful features of network traffic were choosed, extracted from the output data of the Snort application. Subsequently, these traffic features were enriched and labeled with corresponding events. Experiments demonstrate excellent results not only in classification accuracy on test data but also in processing speed. The proposed approach and the conducted experiments indicate that this new method could exhibit promising performance even when dealing with real-world data.
|
|
|
Implementácia IDS/IPS do prostredia univerzitnej siete MENDELU
Hevier, Marek
This diploma thesis deals with issue of IDS/IPS systems and possibilities of their utilization within the university network of Mendel University in Brno. The thesis includes a description how to install and configure Snort IDS, including addon modules based on predefined parameters and the ability to detect malious traffic within college computer network of Mendel University in Brno. The results include verification of correct detection of selected attack types and the discussion of False Positive and False Negative.
|
|
|
Intrusion detection and prevention systems at border devices
Bína, Zdenko ; Frolka, Jakub (referee) ; Blažek, Petr (advisor)
This bachelor thesis is focusing on testing the endurance of networks against DDoS attacks. The theoretical part consists of an introduction to the problematics of these attacks and current trends regarding DDoS attacks, focusing on IDS and IPS systems, and Spirent Avalanche 3100b machine, designed to generate network traffic. The practical part is about the configuration of the software web server Apache, which runs on Linux Debian OS, and it is testing this system for endurance against five DDoS attacks. The server is put through attacks before and after application of systems NIDS and NIPS, using Snort and Suricata software. The goal of the thesis is comparing NIDS and NIPS servers based on the results of testing.
|
|
|
Laboratory task demonstrates Intrusion Protection System
Bronda, Samuel ; Malina, Lukáš (referee) ; Martinásek, Zdeněk (advisor)
This bachelor thesis is divided into two parts. The theoretical part describes security systems, various types of attacks and details of systems to protect computer networks. The practical part focuses on the workplace, where will operate IDS / IPS system Snort and Suricata, the necessary adjustments and simulation of attacks. The bachelor thesis also includes putting the system into real terms.
|
|
|
Intrusion detection and prevention systems
Pitschmann, Andrej ; Blažek, Petr (referee) ; Martinásek, Zdeněk (advisor)
The terminal essay aims to introduce the issue of IDS and IPS and their incorporation into a network. An analysis of pros and cons of used open source IDS/IPS systems will be created together with their inclusion into the network. In addition, we focus on the issue of NIDS that will be located in the network’s path of communication among end users. Following the appropriate setting of NIDS of a client we will be receiving and analyzing all communication directed from the attacker with the help of Snort and Suricata programs. The activities will be conducted thanks to a downloaded package and in the case of a need we will use our own rules that will guide the NIDS system of data control. Regarding the testing phase, we have used the SYN flood attack on server via program Hping3 in OS Linus Kali, which is a distribution created with an aim to conduct a penetration tests and in addition it includes several useful programs. The NIDS will help us to gradually control captured packets.
|
|
|
Behavioral Analysis of Network Traffic and (D)DoS Attack Detection
Chapčák, David ; Hajný, Jan (referee) ; Malina, Lukáš (advisor)
The semestral thesis deals with the analysis of the modern open-source NIDPS tools for monitoring and analyzing the network traffic. The work rates these instruments in terms of their network location and functions. Also refers about more detailed analysis of detecting and alerting mechanisms. Further analyzes the possibilities of detection of anomalies, especially in terms of statistical analysis and shows the basics of other approaches, such as approaches based on data mining and machine learning. The last section presents specific open-source tools, deals with comparison of their activities and the proposal allowing monitoring and traffic analysis, classification, detection of anomalies and (D)DoS attacks.
|
guest ::
