|
|
Self Test of FlowMon Probe
Kříž, Blažej ; Kaštil, Jan (referee) ; Kořenek, Jan (advisor)
This thesis deals with development of built-in self-test for FlowMon probe, device for monitoring network traffic based on IP flows. At the begining, both NetFlow technology and the FlowMon probe are described and related terms are summarized. The development itself consists of requirements specification and analysis, design of general testing technique, desing of particular tests, their implementation and solution review.
|
|
|
Spam Detection Using DNS MX Records
Plotěný, Ondřej ; Krobot, Pavel (referee) ; Kováčik, Michal (advisor)
The aim of this thesis is the detection of malicious spammer hosts based on passive analysis of captured DNS traffic. It represents the design and implementation of a system which proceeds DNS anomaly detection based on high volume of MX query per host and high NXDomain ratio. The system was tested on DNS data obtained from the real traffic and the functionality of implemented detectors was verified by testing and analysis of results.
|
|
|
Vulnerability Detection in Computer Network
Šuhaj, Peter ; Hranický, Radek (referee) ; Holkovič, Martin (advisor)
Bachelor's thesis deals with analysis of chosen network protocols, finding their vulnerabilities and with designing and implementation of a tool for their detection. A vulnerability, for example, is using unencrypted communication. First of all the chosen protocols are studied, next methods for capturing and processing network traffic are analyzed. Based on research the design of the tool for detecting vulnerabilities is created and design of the format of vulnerabilities is created. Afterwards the implementation of the design is created in language Python and YAML configuration files are created containing entries of vulnerabilities. The program checks the input PCAP based on the content of these files. Testing took place on files of different size containing captured network traffic.
|
|
|
Diagnosis of Communication Problems in Captured Network Traffic
Marko, Peter ; Holkovič, Martin (referee) ; Kořenek, Jan (advisor)
This thesis deals with a system for measuring the quality of captured data on the network. The focus is mainly on packet loss caused by insufficient capture rate. The quality of captured network traffic is evaluated on TCP protocol, which implements sequence and acknowledgment numbers. Based on these numbers, we can detect data, that has been correctly transmitted, but we do not see them in the capture. Existing tools, such as capTCP or Wireshark, are not suitable for this analysis because they cannot comprehensively analyze the quality of captured communication, filter communication flows according the metrics and do not fit into system DISTANCE. This thesis is also focused on configuration problems of DHCP protocol.
|
|
|
Detection of Dynamic Network Applications
Juránek, Michal ; Kaštil, Jan (referee) ; Tobola, Jiří (advisor)
This thesis describes methods of detection of simple voice communications of encrypted VoIP calls between two Skype clients. The elements of network and its communication principles are described. Three approaches to classification are analyzed. The first approach performs the classification by content of network packets using Pearson's chi2 test of goodness of fit, the second approach by characteristics of network flows by means of naive Bayesian classification. The third approach describes ways of detecting signaling messages. The detector application is implemented on the basis of chosen methods.
|
|
|
Anonymization of PCAP Files
Navrátil, Petr ; Hynek, Jiří (referee) ; Holkovič, Martin (advisor)
This diploma thesis deals with the design and implementation of an application suitable for the anonymization of PCAP files. The thesis presents TCP/IP model and for each layer highlights attributes that can be used to identify real people or organizations. Some of the anonymization methods suitable to modify highlighted attributes and sensitive data are described. The implemented application uses TShark tool to parse byte data of PCAP format to JSON format that is used in the application. TShark supports lots of network protocols which allows the application to anonymize various attributes. Anonymization process is controlled by anonymization politics that can be customized by adding new attributes or anonymization methods.
|
|
|
Design of Network Applications for a NetCOPE Platform
Hank, Andrej ; Kořenek, Jan (referee) ; Martínek, Tomáš (advisor)
Monitoring and security in multigigabit networks with speeds 1 - 100 Gb/s needs hardware acceleration. NetCOPE platform for rapid development of network applications uses hardware acceleration card with FPGA technology by means of hardware/software codesign. Increas in performance of platform's software part is dependent of parallel processing in applications to take advantage of utilising more processor cores. This thesis analyses NetCOPE platform architecture and possibilities of parallelising classic network applications and creates models of concurrent access to data in NetCOPE platform to utilize more processor cores. These models are subsequently implemented as extensions to platform's Linux system drivers. Userspace libraries are created to provide simple interface for applications to use these new features. To achieve high throughput of this solution several optimizations are performed. Results are measured by created testing tools.
|
|
|
Graphical Tool for Packet Generation
Mareš, Martin ; Bartoš, Václav (referee) ; Puš, Viktor (advisor)
This bachelor's thesis is about network packet generators. The first part is devoted to communication theory in computer networks from the perspective of TCP/IP architecture. The second part describes the results of search for currently available tools. The third part is devoted to design and implementation of own tool with graphical user interface for packets generation. The tool is designed object-oriented with an emphasis on ease of future expansion. The application concept includes also tools for generating dynamically changing series of packets to simulate network flows. The designed tool is implemented using the programming language C++ and the Qt framework. The last part contains an evaluation of results and comparison with the already available solutions.
|
|
|
Optimization of the Suricata IDS/IPS
Šišmiš, Lukáš ; Fukač, Tomáš (referee) ; Korček, Pavol (advisor)
V dnešnom svete zrýchľujúcej sa sieťovej prevádzky je potrebné držať krok v jej monitorovaní . Dostatočný prehľad o dianí v sieti dokáže zabrániť rozličným útokom na ciele nachádzajúce sa v nej . S tým nám pomáhajú systémy IDS, ktoré upozorňujú na udalosti nájdené v analyzovanej prevádzke . Pre túto prácu bol vybraný systém Suricata . Cieľom práce je vyladiť nastavenia systému Suricata s rozhraním AF_PACKET pre optimálnu výkonnosť a následne navrhnúť a implementovať optimalizáciu Suricaty . Výsledky z meraní AF_PACKET majú slúžiť ako základ pre porovnanie s navrhnutým vylepšením . Navrhovaná optimalizácia implementuje nové rozhranie založené na projekte Data Plane Development Kit ( DPDK ). DPDK je schopné akcelerovať príjem paketov a preto sa predpokladá , že zvýši výkon Suricaty . Zhodnotenie výsledkov a porovnanie rozhraní AF_PACKET a DPDK je možné nájsť na konci diplomovej práce .
|
|
|
Anonymization of PCAP Files
Navrátil, Petr ; Hynek, Jiří (referee) ; Holkovič, Martin (advisor)
This diploma thesis deals with the design and implementation of an application suitable for the anonymization of PCAP files. The thesis presents TCP/IP model and for each layer highlights attributes that can be used to identify real people or organizations. Some of the anonymization methods suitable to modify highlighted attributes and sensitive data are described. The implemented application uses TShark tool to parse byte data of PCAP format to JSON format that is used in the application. TShark supports lots of network protocols which allows the application to anonymize various attributes. Anonymization process is controlled by anonymization politics that can be customized by adding new attributes or anonymization methods.
|
guest ::
