National Repository of Grey Literature: 41 records found (records 21 - 30)
The (New) Security Dilemma: Impact of technological innovation on the security dilemma
Kadre, Sudhanshu ; Špelda, Petr (advisor) ; Šenk, Michal (referee)
The enduring concept of the security dilemma seen from the lens of the technological revolution in Information Security provides a different perception than the traditional version of the dilemma. Moving from apparent to perceived threats, the underlying fear and uncertainty between state actors in an anarchic system have witnessed an increase. This thesis has the objective to study the effect of the advancements in Information and Community Technology, particularly in Cybersecurity, on the perception of the security dilemma. By analysing the basis of Information Security theory while simultaneously probing the cyber threat landscape through the use of case studies of cyber attacks and cyber diplomacy, the thesis highlights the relevance of the security dilemma in cyberspace.
Data Sets for Network Security
Setinský, Jiří ; Hranický, Radek (referee) ; Tisovčík, Peter (advisor)
In network security, machine learning techniques are used to effectively detect anomalies and malware in network traffic. A quality dataset is needed to train a network classifier with high accuracy. The aim of this paper is to modify the dataset using machine learning techniques to improve the quality of the dataset which will lead to training the model with a higher accuracy. The dataset is analyzed by a clustering algorithm and each cluster is characterized by a statistical description resulting from the attributes of the input dataset. The statistical description along with the information of the original classifier is used to compute the score. The score serves as a weight in the modification phase. Cluster analysis allows to filter out the data that are important for training the final model. The proposed approach allows us to mitigate the redundancy of the dataset or to augment it with missing data. The result is a modification framework that is able to reduce the datasets or perform their aggregation in order to create a compact dataset that reflects the actual network traffic. Models were trained on the created datasets and achieved higher accuracy compared to the existing solution.
Detection of Malicious Domain Names
Setinský, Jiří ; Perešíni, Martin (referee) ; Tisovčík, Peter (advisor)
The bachelor thesis deals with the detection of artificially generated domain names (DGA). The generated addresses serve as a means of communication between the attacker and the infected computer. By detection, we can detect and track infected computers on the network. The detection itself is preceded by the study of machine learning techniques, which will then be applied in the creation of the detector. To create the final classifier in the form of a decision tree, it was necessary to analyze the principle of DGA addresses. Based on their characteristics, the attributes were extracted, according to which the final classifier will be decided. After learning the classification model on the training set, the classifier was implemented in the target platform NEMEA as a detection module. After final optimizations and testing, we achieved an accuracy of the classifier of 99%, which is a very positive result. The NEMEA module is ready for real-world deployment to detect security incidents. In addition to the NEMEA module, another model was created to predict the accuracy of datasets with domain names. The model is trained based on the characteristics of the dataset and the accuracy of the DGA detector, whose behavior we want to predict.
Penetration testing of ANC
Dušek, Jakub ; Jakub, Přibyl (referee) ; Sedlák, Petr (advisor)
This diploma thesis deals with the evaluation of a security solution that was recently deployed by a British company renting office space. This validation system is based on a database of MAC addresses, a database of clients and active filtering of connected devices. The first part explains the concepts of computer network, VLAN and basic concepts needed to understand the function of dynamic assignment of VLAN and IP addresses. The second part is devoted to measurements based on hypotheses, according to which measures are proposed in the last part to solve these security problems.
Case Study of Selected Network Vulnerabilities
Kolajová, Jana ; Kačic, Matej (referee) ; Homoliak, Ivan (advisor)
The main goal of this thesis is to deal with databases of vulnerable code bases and vulnerable applications, and to implement a tool for autonomous search and saving data from those databases to a local one. The thesis is divided into theoretical and practical parts. The theoretical part deals with my current knowledge of the main topic and creates a foundation for the implementation. Various kinds of vulnerabilities and network attacks are described in detail in this part. The practical part describes implementation of the tool and its real use.
Honeypot/Honeynet as modern services for classical information networks
Karger, David ; Blažek, Petr (referee) ; Fujdiak, Radek (advisor)
This work describes honeypots, their definition, classification and logging possibilities. In the practical part, honeypots are tested for the services that are most often attacked, their installation is performed and tests are made for basic familiarization with the functionality of the honeypot. Furthermore, the honeypot is exposed to the Internet and the obtained data are analyzed.
Reputation of Malicious Traffic Sources
Bartoš, Václav ; Lhotka, Ladislav (referee) ; Vozňák, Miroslav (referee) ; Kořenek, Jan (advisor)
An important part of maintaining network security is collecting and processing information about cyber threats, both from the network operator's own detection tools and from third parties. A commonly used type of such information are lists of network entities (IP addresses, domains, URLs, etc.) which were identified as malicious. However, in many cases, the simple binary distinction between malicious and non-malicious entities is not sufficient. It is beneficial to keep other supplementary information for each entity, which describes its malicious activities, and also a summarizing score, which evaluates its reputation numerically. Such a score allows for quick comprehension of the level of threat the entity poses and allows entities to be compared and sorted. The goal of this work is to design a method for such summarization. The resulting score, called Future Maliciousness Probability (FMP score), is a value between 0 and 1, assigned to each suspicious network entity, expressing the probability that the entity will do some kind of malicious activity in the near future. Therefore, the scoring is based on prediction of future attacks. Advanced machine learning methods are used to perform the prediction. Their input is formed by previously received alerts about security events and other relevant data related to the entity. The method of computing the score is first described in a general way, usable for any kind of entity and input data. Then a more concrete version is presented for scoring IPv4 addresses by utilizing alerts from an alert sharing system and supplementary data from a reputation database. This variant is then evaluated on a real-world dataset. In order to get enough amount and quality of data for this dataset, a part of the work is also dedicated to the area of security analysis of network data. A framework for analysis of flow data, NEMEA, and several new detection methods are designed and implemented.
An open reputation database, NERD, is also implemented and described in this work. Data from these systems are then used to evaluate precision of the predictor as well as to evaluate selected use cases of the scoring method.
Case Study of Selected Network Vulnerabilities
Kolajová, Jana ; Malinka, Kamil (referee) ; Homoliak, Ivan (advisor)
The main goal of this thesis is to deal with databases of vulnerable code bases and vulnerable applications, and to implement a tool for autonomous search and saving data from those databases to a local one. The thesis is divided into theoretical and practical parts. The theoretical part deals with my current knowledge of the main topic and creates a foundation for the implementation. Various kinds of vulnerabilities and network attacks are described in detail in this part. The practical part describes implementation of the tool and its real use.
Active security equipment in computer networks
Škrdla, Vojtěch ; Martinásek, Zdeněk (referee) ; Malina, Lukáš (advisor)
The main object of this bachelor's thesis is to describe the issues of active security devices. The thesis is mainly focused on firewalls. The thesis is divided into several topics, in which we describe types of security devices, division of firewalls, description of their advantages and disadvantages, and types of VPN. The practical part describes the security design of a mid-sized computer network and the software that was used to test this network, and the last part focuses on designing laboratory tasks with firewalls Cisco ASA5520 and Checkpoint Gaia R77.
Implementation of Methods for Network Anomaly Detection
Slezáček, Martin ; Puš, Viktor (referee) ; Bartoš, Václav (advisor)
This work deals with the implementation of three methods for anomaly detection in computer networks. At first, basic categories of network detection methods are described. Next, three methods are briefly described. The core of this work is an implementation and testing of these methods. Software for anomaly detection and its control is described.
