|
|
Ssh Attacks Detection on Netflow Layer
Marek, Marcel ; Barabas, Maroš (referee) ; Michlovský, Zbyněk (advisor)
This bachelor's thesis briefly describes the basic principles of SSH protocol, its architecture and used encryption. The thesis is mainly focused on datamining information from low-level network communication and usage of its results for attacks detection. It also describes dictionary attacks used on SSH service and with NetFlow shows further possibilities of increasing network security.
|
|
|
Attack Techniques on ELF/PE Files and Detection
Brunai, Adam ; Jurnečka, Peter (referee) ; Barabas, Maroš (advisor)
This thesis deals with the attack techniques on executable files in Windows OS. Its main goal is to analyze the file infection techniques in terms of their implementation and detection. Before the analysis, the reader will become familiar with executable files. Part of the thesis is demonstration tool named "pein" that solves implementation of infection. In conclusion, the work deals with the malware analysis and detection techniques.
|
|
| |
|
|
Network-Based Application Recognition
Štourač, Jan ; Barabas, Maroš (referee) ; Malinka, Kamil (advisor)
This thesis introduces readers various methods that are currently used for detection of network-based applications. Further part deals with selection of appropriate detection method and implementation of proof-of-concept script, including testing its reliability and accuracy. Chosen detection algorithm is based on statistics data from network flows of tested network communication. Due to its final solution does not depend on whether communication is encrypted or not. Next part contains several possible variants of how to integrate proposed solution in the current architecture of the existing product Kernun UTM --- which is firewall produced by Trusted Network Solutions a.s. company. Most suitable variant is chosen and described furthermore in more details. Finally there is also mentioned plan for further developement and possible ways how to improve final solution.
|
|
|
Network Traffic Obfuscation for IDS Detection Avoidance
Ovšonka, Daniel ; Barabas, Maroš (referee) ; Malinka, Kamil (advisor)
This thesis deals with the principles of network traffic obfuscation, in order to avoid its detection by the Intrusion Detection System installed in the network. At the beginning of the work, reader is familiarized with the fundamental principle of the basic types of IDS and introduced into the matter of obfuscation techniques, that serve as stepping stone in order to create our own library, whose design is described in the last part of the work. The outcome of the work is represented by a library, that provides all the implemented techniques for further use. The library can be well utilized in penetration testing of the new systems or used by the attacker.
|
|
|
System for Detection of APT Attacks
Hujňák, Ondřej ; Kačic, Matej (referee) ; Barabas, Maroš (advisor)
The thesis investigates APT attacks, which are professional targeted attacks that are characterised by long-term duration and use of advanced techniques. The thesis summarises current knowledge about APT attacks and suggests seven symptoms that can be used to check, whether an organization is under an APT attack. Thesis suggests a system for detection of APT attacks based on interaction of those symptoms. This system is elaborated further for detection of attacks in computer networks, where it uses user behaviour modelling for anomaly detection. The detector uses k-nearest neighbors (k-NN) method. The APT attack recognition ability in network environment is verified by implementing and testing this detector.
|
|
|
Analysis of Entropy Levels in the Entropy Pool of Random Number Generator
Krempa, Peter ; Hanáček, Petr (referee) ; Barabas, Maroš (advisor)
V informatice je pojem entropie obvykle znám jako nahodný proud dat. Tato práce krátce shrnuje metody generovaní nahodných dat a popisuje generátor náhodnych čísel, jež je obsažen v jádře operačního systému Linux. Dále se práce zabývá určením bitové rychlosti generování nahodných dat tímto generátorem ve virtualizovaném prosředí, které poskytují různé hypervizory. Práce popíše problémy nízkého výkonu generátory nahodných dat ve virtualním prostředí a navrhne postup pro jejich řešení. Poté je nastíňena implementace navržených postupů, které je podrobena testům a její vysledky jsou porovnány s původním systémem. Systém pro distribuci entropie může dále vylepšit množství entropie v sytémovém jádře o několik řádu, pokud je připojen k vykonému generátoru nahodných dat.
|
|
|
Anonymity in P2P Networks
Brunai, Adam ; Malinka, Kamil (referee) ; Barabas, Maroš (advisor)
Freedom of speech and the right to privacy are maybe the most important elements of a modern society, yet the rights are often violated. This fact was the main reason for writing this thesis covering P2P network models, anonymity, censorship resistance and their use in real P2P networks and publishing systems. We discuss their effectiveness and suitability for specific purposes, but also the security considerations of their use. The second part of this thesis presents the LSPP publishing protocol, which is an library implementation of an anonymous censorship resistant P2P network. Finally, we analyze the proposed protocol and compare it with existing solutions.
|
|
|
Analysis of Automated Generation of Signatures Using Honeypots
Bláha, Lukáš ; Barabas, Maroš (referee) ; Drozd, Michal (advisor)
In this paper, system of automatic processing of attacks using honeypots is discussed. The first goal of the thesis is to become familiar with the issue of signatures to detect malware on the network, especially the analysis and description of existing methods for automatic generation of signatures using honeypots. The main goal is to use the acquired knowledge to the design and implementation of tool which will perform the detection of new malicious software on the network or end user's workstation.
|
|
|
A Tool for Easily Securing Computers with Linux
Barabas, Maroš ; Hanáček, Petr (referee) ; Vojnar, Tomáš (advisor)
The purpose of this thesis is to explain new approaches to scanning and locking vulnerabilities in computer security and to design a new system to improve security of computers running the Linux operating system. The purpose of this system is to analyze remote operating systems and detect and lock down vulnerabilities by existing security standards.
|
guest ::
RSS feed.