National Repository of Grey Literature: 72 records found (records 22 - 31)
Behavioral Analysis of Network Traffic and (D)DoS Attack Detection
Chapčák, David ; Hajný, Jan (referee) ; Malina, Lukáš (advisor)
The semestral thesis deals with the analysis of modern open-source NIDPS tools for monitoring and analyzing network traffic. The work rates these tools in terms of their network location and functions. It also covers a more detailed analysis of detection and alerting mechanisms. It further analyzes the possibilities of anomaly detection, especially in terms of statistical analysis, and shows the basics of other approaches, such as those based on data mining and machine learning. The last section presents specific open-source tools, compares their activities, and presents a proposal allowing monitoring and traffic analysis, classification, and detection of anomalies and (D)DoS attacks.
Communications MikroTik and IPS
Golovkova, Nataliya ; Lieskovan, Tomáš (referee) ; Gerlich, Tomáš (advisor)
The bachelor thesis is focused on network attack problems and possible protection against their consequences. The theoretical part describes the attacks that are currently among the most widespread, with a focus on the Denial of Service (DoS) attack. The next part of the thesis deals with detection and prevention systems for network traffic monitoring, with emphasis on the Suricata system. The following part introduces the MikroTik devices that are used in the practical part of the thesis. The practical part aims to provide a solution to mitigate the DoS attack through communication between a MikroTik router and the Suricata system. The communication is handled by a script written in the PHP programming language.
Detection of local area network topology
Šípek, Martin ; Gerlich, Tomáš (referee) ; Martinásek, Zdeněk (advisor)
The bachelor thesis focuses on the detection and mitigation of Man-in-the-Middle attacks in the local network using its own implementation in the Python programming language. One of the most common Man-in-the-Middle attacks is ARP spoofing, which should be identified by the detection system and then mitigated. The theoretical part of the thesis analyzes the current state of the issue, including a detailed description of network analysis and the tools used in this analysis. Cyber attacks are also described, namely Man-in-the-Middle and Denial-of-Service attacks. The practical part describes the realization of the experimental workplace and its components in detail, and the installation and configuration of the MySQL and Elasticsearch databases. It also focuses on the Suricata program, designed to analyze network traffic, on the actual implementation of Man-in-the-Middle attack detection, and on the results achieved in testing the implemented detection system.
Enterprise Network IPS Security
Jakab, Vojtěch ; Babnič, Patrik (referee) ; Červenka, Vladimír (advisor)
This bachelor's thesis addresses local area network security. The scope of this thesis is to explore the possibilities for securing these networks and to introduce some attacks which can threaten them. The main goal, however, is to design maximum security measures for a testing network. A CISCO router and a Fortinet firewall are available. Their configuration is limited by the possibilities of their operating systems. Appropriate programs are used to examine the configuration of the IPS configured on the firewall and to try to evade this component. The last part of this work deals with executing particular network attacks. They are analysed, and appropriate countermeasures are proposed against the successful attacks.
Mitigation of DDoS Attacks Using IDS/IPS
Litwora, Martin ; Tisovčík, Peter (referee) ; Kučera, Jan (advisor)
This bachelor's thesis focuses on the detection and mitigation of DDoS attacks (Distributed Denial of Service). The main goal is to analyze and practically verify the capabilities of various IDS/IPS, especially the open-source tool Suricata, to mitigate DDoS attacks. Three main DDoS attack groups are analyzed in this thesis. These groups are flood attacks, amplification attacks, and slow attacks. A set of rules has to be created for each attack type from these groups in order for Suricata to mitigate those DDoS attacks. This thesis also implements a set of tools and scripts to check the functionality and effectiveness of the created rules. These tools are used to generate selected DDoS attacks with different parameters. Testing took place in a virtual environment where special nodes had to be created which represent real subjects during a real DDoS attack. The set of tools and scripts was designed in a way that it can easily be used outside this virtual environment where it is possible to have larger network loads, various variants and combinations of systems, and more.
Intrusion prevention system based on Raspberry Pi
Hirš, David ; Gerlich, Tomáš (referee) ; Martinásek, Zdeněk (advisor)
The number of discovered vulnerabilities is rapidly increasing. For example, in 2019 there were 20 362 vulnerabilities discovered. The probability of cyber-attacks being carried out is high. Therefore it is necessary to propose and implement automated and low-cost Intrusion Prevention or Intrusion Detection Systems (IPS/IDS). This implementation can focus on home use or small corporate networks. The main goal of the system is to detect or mitigate cyber-attack impact as fast as possible. The master's thesis proposes an IPS/IDS based on Raspberry Pi that can detect and prevent various cyber-attacks. The contents of this thesis are focused on the description of cyber-attacks based on the ISO/OSI model's Link and Network layers. Then there is a description of IPS/IDS systems and their open-source representatives. The practical part is focused on the experimental workspace, hardware consumption of the chosen detection systems, cyber-attack scenarios and the author's own implementation of a detection program. The detection program is based on these chosen systems and puts them together to be easily manageable.
Network Traffic Monitoring using Long Working Analyser
Gilík, Aleš ; Horváth, Tomáš (referee) ; Oujezský, Václav (advisor)
This diploma thesis is focused on network monitoring. The theoretical part describes the use of detection and prevention systems, the properties of these systems, their components and detection techniques. The next part of the thesis is focused on the EndaceProbe analyzer and the analytic application EndaceVision. Web services, the programming language WSDL and the SOAP protocol are also described. The practical part is focused on creating three laboratory exercises for network monitoring and for using EndaceProbe. Components of the exercises are the traffic generator IXIA and Cisco switches with the application of remote switched port analyzer. The EndaceProbe web services, the programming language WSDL and the SOAP protocol are also used.
Modeling and detection of SlowDrop attack
Mazánek, Pavel ; Smékal, David (referee) ; Sikora, Marek (advisor)
The work's main topic is a recently published slow DoS attack called SlowDrop. The work focuses on describing the current state of the DoS problem as a whole, as well as the SlowDrop attack. It works with this theoretical basis during the implementation of its own SlowDrop attack model. This model is tested in various scenarios and the results are analyzed and constructively discussed. Furthermore, defensive mechanisms against this threat and DoS attacks in general are proposed, specific methods shown and configurations recommended. These methods are subsequently tested and evaluated. Last but not least, the traffic of a SlowDrop attacker and that of a legitimate client with a bad connection, which the SlowDrop attack is trying to imitate, are compared. From this comparison the final conclusions of this work are drawn.
Security of Testing Farm Service
Havlín, Jan ; Malinka, Kamil (referee) ; Drga, Jozef (advisor)
This thesis deals with the security of the Testing Farm Service at the Red Hat company. Specifically, it is about unauthorized usage of testing machines for purposes which are not allowed. The need for implementing security measures comes from the fact that users are allowed to run arbitrary code on test machines as the user root. In the implementation part of the thesis, a monitoring agent was created and deployed to the testing machines of the production environment of the service. This system watches transmitted packets, system resources and configuration. Based on these observations, it creates metrics about the system behavior and sends them to the Prometheus monitoring server.
A concept of monitoring critical information infrastructure for energetic company
Ševčík, Michal ; Keprt, Martin (referee) ; Sedlák, Petr (advisor)
The diploma thesis deals with monitoring critical infrastructure, critical information infrastructure and network monitoring in the energy industry. The goal is to create an analytical environment for processing logs from the network, to map the most critical segments of the network, and to implement monitoring and network devices that increase security and mitigate the risks of security events or security incidents.
