National Repository of Grey Literature: 72 records found (records 32 - 41)
Machine Learning from Intrusion Detection Systems
Dostál, Michal ; Očenášek, Pavel (referee) ; Hranický, Radek (advisor)
The current state of intrusion detection tools is insufficient because they often operate based on static rules and fail to leverage the potential of artificial intelligence. The aim of this work is to enhance the open-source tool Snort with the capability to detect malicious network traffic using machine learning. To achieve a robust classifier, useful features of network traffic were chosen, extracted from the output data of the Snort application. Subsequently, these traffic features were enriched and labeled with corresponding events. Experiments demonstrate excellent results not only in classification accuracy on test data but also in processing speed. The proposed approach and the conducted experiments indicate that this new method could exhibit promising performance even when dealing with real-world data.
Using Metadata to Optimize the Suricata IDS/IPS
Shchapaniak, Andrei ; Fukač, Tomáš (referee) ; Šišmiš, Lukáš (advisor)
As the Internet continues to grow and evolve, cyber attacks are becoming more harmful and more severe. It is therefore important to have effective detection and prevention systems. The need for such systems is becoming more urgent, because the damage caused by cyber attacks can be catastrophic for individuals and organizations alike. This motivates the development of high-performance detection and prevention systems that can detect and defend against cyber attacks more effectively. This bachelor's thesis focuses specifically on one of these systems: Suricata. It is an open-source IDS/IPS that is widely used in industry thanks to its advanced capabilities and flexibility. The primary goal of this thesis is to design, implement, and evaluate the transfer of metadata for each packet. Metadata can be added by smart network interface cards (SmartNICs). DPDK Prefilter was used together with Suricata to simulate specialized hardware. It can simulate the transfer of metadata to Suricata. The impact of the metadata and the results of the experimental evaluation are described in detail at the end of this bachelor's thesis.
Cyber security of endpoint elements
Fabík, Václav ; Procházka, Rudolf (referee) ; Smékal, Zdeněk (advisor)
This paper describes the design of cyber security for endpoints working on the ARM hardware architecture with the Linux operating system and using the TCP/IP and UDP/IP protocols for network communication. In the introduction, the reader is introduced to the basic concepts of cyber security as well as to the public key infrastructure (PKI) and ways of establishing a secure connection. The reader is introduced to the basic security techniques and the standard regulating security for industrial automation systems. In the practical part, the threat assessment of the presented network infrastructure is elaborated, and security functions that are embedded in NXP i.MX 7 processors and can be used for the cryptographic security of these devices are described.
Network probe: Network monitoring and management tool
Bohačík, A. ; Fujdiak, R. ; Mišurec, J.
Nowadays, there are many risks associated with computer networks, some of which can be eliminated with network probes. This paper is focused on the developed BUT network probe as a tool representing a hardware protection element of the network. Furthermore, the basics of IDS and IPS systems are described, including their possible applications. The basic concept of the network probe, the description of its basic parts and the created user interface are discussed. The last part is focused on the testing of hardware components that directly affect the proper functioning. The test results showed that the BUT network probe is able to perform network traffic analysis even at its maximum load.
Security of Testing Farm Service
Havlín, Jan ; Malinka, Kamil (referee) ; Drga, Jozef (advisor)
This thesis deals with the security of the Testing Farm Service at Red Hat. Specifically, it addresses unauthorized usage of testing machines for purposes which are not allowed. The need for implementing security measures comes from the fact that users are allowed to run arbitrary code on test machines as the user root. In the implementation part of the thesis, a monitoring agent was created and deployed to the testing machines of the production environment of the service. This system watches transmitted packets, system resources and configuration. Based on these observations, it creates metrics about the system behavior and sends them to the Prometheus monitoring server.
The role of mTOR signalling pathway in neural differentiation of stem cells
Šintáková, Kristýna ; Jendelová, Pavla (advisor) ; Dráber, Peter (referee)
Spinal cord injury is a very serious, complex, and life changing injury for which today's medicine still does not have an efficient treatment. It is only possible to mitigate the consequences of this injury and the pathological processes associated with it. Neural stem cell transplantation has immunosuppressive effects in the pathology of spinal cord injury and promotes regeneration. mTOR kinase is a member of the crucial intracellular PI3K/Akt/mTOR signalling pathway, making it a suitable target for therapeutic intervention and immunosuppressants such as rapamycin. mTOR signalling is important for neural stem cells and in the pathology of spinal cord injury. The aim of this study was to investigate the role of the mTOR pathway in differentiation of stem cells into neuronal phenotype. Rapamycin was applied to in vitro culture of neural progenitors. Immunocytochemistry and immunoblotting techniques were used to study the effect of this inhibition on the cell phenotype and on the activity of the mTOR pathway. Using the rat model of spinal cord injury in vivo, immunohistochemistry and immunoblotting techniques were used to evaluate the impact of rapamycin inhibition on the mTOR pathway, autophagy, and cytokine production by cells in the damaged tissue. The results show that the mTOR pathway plays role...
Proposal Of Cyber Threat Detector Using Raspberry Pi
Hirš, David
Nowadays, the number of discovered vulnerabilities increases rapidly. In 2019, 20,362 vulnerabilities were discovered. Therefore, the probability of cyber-attacks being carried out and their economic impact are real. Currently, it is necessary to propose and implement automated and low-cost Intrusion Prevention Systems (IPS) that are applicable for home use or small corporate networks. The main goal of the system is to mitigate cyber-attack impact as fast as possible. In this article, we propose an IPS based on Raspberry Pi that can detect and prevent many various cyber-attacks.
An Appropriate Strategy For Detecting Security Incidents In Industrial Networks
Kuchař, Karel ; Holasová, Eva
This paper focuses on the environment of critical infrastructure and the problem of inadequate security. Industrial networks typically work with old devices, and a potential update may cause delays in production and cost a lot of money. That is why additional devices improving the security of the whole system must be introduced. Tools like IDS/IPS (Intrusion Detection System/Intrusion Prevention System) are great for detecting anomalies and defining signatures in the network traffic. For such types of network, proper handling of security issues and generated alerts is critical.
Optimization of the Suricata IDS/IPS
Šišmiš, Lukáš ; Fukač, Tomáš (referee) ; Korček, Pavol (advisor)
In today's world of ever faster network traffic, it is necessary to keep pace in monitoring it. Sufficient visibility into what is happening in the network can prevent various attacks on targets located in it. IDS systems, which alert on events found in the analyzed traffic, help with this. The Suricata system was chosen for this work. The goal of the thesis is to tune the settings of Suricata with the AF_PACKET interface for optimal performance and then to design and implement an optimization of Suricata. The results of the AF_PACKET measurements are to serve as a baseline for comparison with the proposed improvement. The proposed optimization implements a new interface based on the Data Plane Development Kit (DPDK) project. DPDK is able to accelerate packet reception and is therefore expected to increase Suricata's performance. An evaluation of the results and a comparison of the AF_PACKET and DPDK interfaces can be found at the end of the master's thesis.
Mitigation of DDoS Attacks Using IDS/IPS
Litwora, Martin ; Tisovčík, Peter (referee) ; Kučera, Jan (advisor)
This bachelor's thesis focuses on the detection and mitigation of DDoS attacks (Distributed Denial of Service). The main goal is to analyze and practically verify the capabilities of various IDS/IPS, especially the open-source tool Suricata, to mitigate DDoS attacks. Three main DDoS attack groups are analyzed in this thesis. These groups are flood attacks, amplification attacks, and slow attacks. A set of rules has to be created for each attack type from these groups in order for Suricata to mitigate those DDoS attacks. This thesis also implements a set of tools and scripts to check the functionality and effectiveness of the created rules. These tools are used to generate selected DDoS attacks with different parameters. Testing took place in a virtual environment where special nodes had to be created which represent real subjects during a real DDoS attack. The set of tools and scripts was designed in a way that it can easily be used outside this virtual environment where it is possible to have larger network loads, various variants and combinations of systems, and more.
