|
|
Detection of Slow Network Attacks
Pacholík, Václav ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
This master's thesis is aimed how can be network traffic monitored using IP flows. The description of NEMEA framework that can be used to build complex intrusion detection system. Following chapters describes port scanning methods and SSH protocol which can be used for remote login to the system, which can be exploited by an attacker. These two areas are intended to be detected in a slow attack manner, when attacker using low attack speed, which he can evade multiple detection methods. Proposed method for detection such attacks is using information from the last few connections. Finally, proposed detection method results are further described.
|
|
|
Fast Regular Expression Matching Using FPGA
Kaštil, Jan ; Martínek, Tomáš (referee) ; Kořenek, Jan (advisor)
The thesis explains several algorithms for pattern matching. Algorithms work in both software and hardware. A part of the thesis is dedicated to extensions of finite automatons. The second part explains hashing and introduces concept of perfect hashing and CRC. The thesis also includes a suggestion of possible structure of a pattern matching unit based on deterministic finite automatons in FPGA. Experiments for determining the structure and size of resulting automatons were done in this thesis.
|
|
|
System Log Analysis
Ščotka, Jan ; Peringer, Petr (referee) ; Smrčka, Aleš (advisor)
The goal of this master thesis is to make possible to perform system log analysis in more general way than well-known host-based instrusion detection systems (HIDS). The way how to achieve this goal is via proposed user-friendly regular expressions. This thesis deals with making regular expressions possible to use in the field of log analysis, and mainly by users unfamiliar with formal aspects of computer science.
|
|
|
Traffic Connection Searching in Transport Schedules
Žižka, Ondřej ; Bidlo, Michal (referee) ; Jaroš, Jiří (advisor)
Everyday need of modern society is a mass personal transit on a regular basis. For this purpose, mass transit systems exist which obey aforethought schedule. This thesis' goal is to examine the means of automatic search of connections from one place to another, implement such search, and to advance the search algorithm using the soft-computing paradigms. Minor goal would be a research of SQL language procedural capabilities, which could support mass pseudo-parallel computations.
|
|
|
Eluding and Evasion of IDS Systems
Černý, Marek ; Tobola, Jiří (referee) ; Žádník, Martin (advisor)
This paper analyzes network security devices called intrusion detection (ID) systems. In order to point out possible flaws, especially ID systems using signature analysis are examined. Based on this, methods to exploit possible vulnerabilities of these systems were designed. These methods were implemented into a simple program for ID systems efficiency evaluation. It can be used in a way entirely independent of particular network attack used in the test.
|
|
|
Automatic Grouping of Regular Expressions
Stanek, Timotej ; Kořenek, Jan (referee) ; Kaštil, Jan (advisor)
This project is about security of computer networks using Intrusion Detection Systems. IDS contain rules for detection expressed with regular expressions, which are for detection represented by finite-state automata. The complexity of this detection with non-deterministic and deterministic finite-state automata is explained. This complexity can be reduced with help of regular expressions grouping. Grouping algorithm and approaches for speedup and improvement are introduced. One of the approches is Genetic algorithm, which can work real-time. Finally Random search algorithm for grouping of regular expressions is presented. Experiment results with these approches are shown and compared between each other.
|
|
|
Analysis of Security Incidents from Network Traffic
Serečun, Viliam ; Grégr, Matěj (referee) ; Ryšavý, Ondřej (advisor)
Analýza bezpečnostních incidentů se stala velmi důležitým a zajímavým oborem počítačové vědy. Monitorovací nástroje a techniky pomáhají při detekci a prevenci proti tímto škodlivým aktivitám. Tento dokument opisuje počítačové útoky a jejich klasifikaci. Také jsou tady opsaný některé monitorovací nástroje jako Intrusion Detection System nebo NetFlow protokol a jeho monitorovací software. Tento dokument také opisuje konfiguraci experimentální topologie a prezentuje několik experimentů škodlivých aktivit, které byly detailně kontrolovány těmito monitorovacími nástroji.
|
|
| |
|
|
Extension of Behavioral Analysis of Network Traffic Focusing on Attack Detection
Teknős, Martin ; Zbořil, František (referee) ; Homoliak, Ivan (advisor)
This thesis is focused on network behavior analysis (NBA) designed to detect network attacks. The goal of the thesis is to increase detection accuracy of obfuscated network attacks. Methods and techniques used to detect network attacks and network traffic classification were presented first. Intrusion detection systems (IDS) in terms of their functionality and possible attacks on them are described next. This work also describes principles of selected attacks against IDS. Further, obfuscation methods which can be used to overcome NBA are suggested. The tool for automatic exploitation, attack obfuscation and collection of this network communication was designed and implemented. This tool was used for execution of network attacks. A dataset for experiments was obtained from collected network communications. Finally, achieved results emphasized requirement of training NBA models by obfuscated malicious network traffic.
|
|
|
Network Traffic Monitoring using Long Working Analyser
Gilík, Aleš ; Horváth, Tomáš (referee) ; Oujezský, Václav (advisor)
This diploma thesis is focused on network monitoring. The theoretical part describes using of detection and prevention systems, properties of these systems, their components and detection techniques. Next part of the thesis is focused on EndaceProbe analyzer and analytic application EndaceVision. Also web services, programming language WSDL and protocol SOAP are described. The practical part is focused on creating three laboratory exercises for network monitoring and for using EndaceProbe. Components of the exercises are the traffic generator IXIA and Cisco switches with the application of remote switched port analyzer. There are also used web services EndaceProbe, programming language WSDL and SOAP protocol.
|
guest ::
