|
|
Detecting Network Management Applications Using AppFlow
Navrátil, Luboš ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This bachelor thesis is focused on the network application detection, using AppFlow in order to obtain information about a monitored network. The main goal of the thesis is to create plugin for FlowMon device that is made by INVIA-TECH. The plugin should provide a functionality for the detection of a network application and it should be also capable of exporting the detected information using the IPFIX protocol.
|
|
|
Web Portal for Network Traffic Reporting
Lízal, Miroslav ; Žádník, Martin (referee) ; Tobola, Jiří (advisor)
This thesis focuses on development of a web portal, which provides information about network traffic. It describes available technologies, which can be used for the network monitoring. It puts emphasis especially on NeTFlow. This paper also descirebs the whole development cycle from analysis to implementation and testing. The outcome of this work is a online system, based on PHP language and PostgreSQL database, which creates reports on the network traffic and makes them accessible via WWW. It is also able to save these reports to a PDF file.
|
|
|
Compression of IP Flow Records
Kaščák, Andrej ; Kajan, Michal (referee) ; Žádník, Martin (advisor)
My Master's thesis deals with the problems of flow compression in network devices. Its outcome should alleviate memory consumption of the flows and simplify the processing of network traffic. As an introduction I provide a description of protocols serving for data storage and manipulation, followed by discussion about possibilities of compression methods that are employed nowadays. In the following part there is an in-depth analysis of source data that shows the structure and composition of the data and brings up useful observations, which are later used in the testing of existing compression methods, as well as about their potential and utilization in flow compression. Later on, I venture into the field of lossy compression and basing on the test results a new approach is described, created by means of flow clustering and their subsequent lossy compression. The conclusion contains an evaluation of the possibilities of the method and the final summary of the thesis along with various suggestions for further development of the research.
|
|
|
Validation of Network Parameters Based on Network Monitoring
Martínek, Radim ; Veselý, Vladimír (referee) ; Žádník, Martin (advisor)
The Master's Thesis presents a theoretical introduction, familiarization with the issue and a implementation for a solution of a "network parameter validation" tool, which is founded on principle of network traffic monitoring. Firstly, the current development of computer network setup is analyzed with its limitations. This is an initial point for an introduction of a new approach for implementation and verification of required network setting, which uses techniques of verification, simulation and validation. After the introduction into the context, validation techniques are specifically examined. The Thesis main contribution lies in the capacity to determine appropriate parameters, which can be used for validation and also for implementation of the tool, which ensures validation process. The network traffic, which characterizes the behavior of the network, is collected by NetFlow technology, which generates network flows. These flows are consequently used by the designed tool used for validation of required network parameters. This process overall verifies whether the main computer network requirements have been met or not.
|
|
|
Detection of Network Anomalies Based on NetFlow Data
Czudek, Marek ; Bartoš, Václav (referee) ; Kořenek, Jan (advisor)
This thesis describes the use of NetFlow data in the systems for detection of disruptions or anomalies in computer network traffic. Various methods for network data collection are described, focusing especially on the NetFlow protocol. Further, various methods for anomaly detection in network traffic are discussed and evaluated, and their advantages as well as disadvantages are listed. Based on this analysis one method is chosen. Further, test data set is analyzed using the method. Algorithm for real-time network traffic anomaly detection is designed based on the analysis outcomes. This method was chosen mainly because it enables detection of anomalies even in an unlabelled network traffic. The last part of the thesis describes implementation of the algorithm, as well as experiments performed using the resulting application on real NetFlow data.
|
|
|
HTTP Application Performance Monitoring
Knapik, Martin ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
Goal of this bachelor thesis was to create solution for monitoring and analysis of network performance of HTTP server using Nemea framework and NetFlow data. For this purpose, I've created Nemea module for filtering, parsing and saving NetFlow data enhanced by informations gained from HTTP plugin on exporter. For analysis and user interface, webpage based on Django framework was created, used for displaying statistics that are useful for users in order to reveal problems with monitored servers. Result of my work is product, which is demonstrating possibility of using of Nemea system for passive monitoring of HTTP servers.
|
|
|
Analysis of Security Incidents from Network Traffic
Serečun, Viliam ; Grégr, Matěj (referee) ; Ryšavý, Ondřej (advisor)
Analýza bezpečnostních incidentů se stala velmi důležitým a zajímavým oborem počítačové vědy. Monitorovací nástroje a techniky pomáhají při detekci a prevenci proti tímto škodlivým aktivitám. Tento dokument opisuje počítačové útoky a jejich klasifikaci. Také jsou tady opsaný některé monitorovací nástroje jako Intrusion Detection System nebo NetFlow protokol a jeho monitorovací software. Tento dokument také opisuje konfiguraci experimentální topologie a prezentuje několik experimentů škodlivých aktivit, které byly detailně kontrolovány těmito monitorovacími nástroji.
|
|
|
Automated Development of Network Attack Detectors
Huták, Lukáš ; Kováčik, Michal (referee) ; Žádník, Martin (advisor)
The thesis is focused on automated development of network attack detectors. It describes a design of patterns developed for normal and offensive behaviors based on monitoring network traffic of selected services. Patterns are represented by statistics with a focus on suitable metrics. Using machine learning algorithms attack detectors are created from behavioral patterns. Finally, a module was implemented for Nemea system in C/C++ programming language based on the proposal.
|
|
|
Optimization of NetFlow Data Search Using nfdump
Kubovič, Martin ; Žádník, Martin (referee) ; Bartoš, Václav (advisor)
This bachelor thesis deals with optimization of NetFlow data search using the nfdump tool. This thesis describes NetFlow protocol and tool nfdump and proposes the solution using data structure Bloom filter. The main goal was to optimize data storage and processing in order to be able to search the huge amounts of collected data and get results very quickly. The outcome of this thesis is the optimized tool that network administrators can use to search these data and significantly accelerate monitoring and analyzing network.
|
|
|
Analysis of Captured DNS Traffic
Hmeľár, Jozef ; Kekely, Lukáš (referee) ; Kováčik, Michal (advisor)
This thesis is focused on the analysis of captured DNS traffic. Introduction of this thesis is focused of basic desciption of computer networks , DNS and description of network flows. Then, the work focused on analysis Netflow format, IPFIX and PCAP, the analysis and implementation of tool for analyzing DNS traffic in C++ programming language. The conclusion is devoted to the results of the implemented tools.
|
guest ::
