National Repository of Grey Literature: 81 records found, records 11 - 20
Generating of DNS Service Attacks
Tutko, Jakub ; Bartoš, Václav (referee) ; Kováčik, Michal (advisor)
Availability and security are the most important requirements for Internet services. It is therefore necessary to detect the network anomalies that have the greatest impact on these requirements. Great emphasis must therefore be placed on the development of detection mechanisms that keep pace with increasingly sophisticated network anomalies. The aim of this work is to analyze and replicate the most common DNS service attacks. Data collected from these attack generators can be used to better understand their behavior, which leads to improved and more effective detection mechanisms.
Reputation of Malicious Traffic Sources
Bartoš, Václav ; Lhotka, Ladislav (referee) ; Vozňák, Miroslav (referee) ; Kořenek, Jan (advisor)
An important part of maintaining network security is collecting and processing information about cyber threats, both from the network operator's own detection tools and from third parties. A commonly used type of such information is lists of network entities (IP addresses, domains, URLs, etc.) which were identified as malicious. However, in many cases, the simple binary distinction between malicious and non-malicious entities is not sufficient. It is beneficial to keep other supplementary information for each entity, which describes its malicious activities, and also a summarizing score, which evaluates its reputation numerically. Such a score allows for quick comprehension of the level of threat the entity poses and allows entities to be compared and sorted. The goal of this work is to design a method for such summarization. The resulting score, called Future Maliciousness Probability (FMP score), is a value between 0 and 1, assigned to each suspicious network entity, expressing the probability that the entity will perform some kind of malicious activity in the near future. The scoring is therefore based on prediction of future attacks. Advanced machine learning methods are used to perform the prediction. Their input is formed by previously received alerts about security events and other relevant data related to the entity. The method of computing the score is first described in a general way, usable for any kind of entity and input data. Then a more concrete version is presented for scoring IPv4 addresses by utilizing alerts from an alert sharing system and supplementary data from a reputation database. This variant is then evaluated on a real-world dataset. To obtain data of sufficient quantity and quality for this dataset, a part of the work is also dedicated to the area of security analysis of network data. A framework for analysis of flow data, NEMEA, and several new detection methods are designed and implemented. An open reputation database, NERD, is also implemented and described in this work. Data from these systems are then used to evaluate the precision of the predictor as well as to evaluate selected use cases of the scoring method.
Network Anomaly Detection Based on PCA
Krobot, Pavel ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
This thesis deals with network anomaly detection. The method described in this thesis is based on principal component analysis. The original design of this method was studied, along with two extensions of the basic method. The basic version and the last extension were implemented, together with one small additional extension designed in this thesis. A series of tests was run on this implementation, yielding two findings. First, principal component analysis can be used for network anomaly detection. Second, even though the proposed method seems to be functional for network anomaly detection, it is still not perfect and additional research is needed to improve it.
Network Anomaly Detection
Bartoš, Václav ; Kořenek, Jan (referee) ; Žádník, Martin (advisor)
This work studies systems and methods for anomaly detection in computer networks. First, the basic categories of network security systems and a number of methods used for anomaly detection are briefly described. The core of the work is an optimization of the method based on detection of changes in distributions of packet features, originally proposed by Lakhina et al. This method is described in detail and two optimizations of it are proposed: the first focuses on speed and memory efficiency, the second improves its detection capabilities. Next, the software created to test these optimizations is briefly described, and results of experiments on real data with both artificially generated and real anomalies are presented.
Detection of Slow HTTP DoS Attacks
Jakubíček, Patrik ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
This thesis deals with the detection of the Slowloris attack. Based on the findings, a detection module for the Nemea system is implemented. It analyzes flow records and performs attack detection. Tests have verified that the module can work in real deployment and detect the Slowloris attack quite successfully.
Proposal for a Change in the Employee Remuneration System in a Selected Company
Malošková, Martina ; Bartoš, Václav (referee) ; Lajtkepová, Eva (advisor)
The subject of this thesis is employees' evaluation, remuneration and motivation in a particular company. In order to properly motivate employees, the system of evaluation and remuneration must be fair and understandable to them. The aim of this work is, based on theoretical knowledge gained in the first part and an analysis of combination compensation in part two, to suggest a more efficient system of employees' reward and motivation. This should lead to greater satisfaction and improved employee service and thus to improved company performance.
Implementation of Methods for Network Anomaly Detection
Slezáček, Martin ; Puš, Viktor (referee) ; Bartoš, Václav (advisor)
This work deals with the implementation of three methods for anomaly detection in computer networks. First, the basic categories of network detection methods are described. Next, three methods are briefly described. The core of this work is the implementation and testing of these methods. Software for anomaly detection and its control is described.
Extraction of Available Information from SSH Protocol Headers
Ďurčanský, Norbert ; Bartoš, Václav (referee) ; Kořenek, Jan (advisor)
This paper analyzes the extraction of available information from the SSH protocol. To this end, knowledge of the SSH protocol was used to implement a plugin for the FlowMon exporter. The plugin was tested on a real network and validated in terms of stability, efficiency and accuracy. The resulting plugin allows us to extract information from the SSH protocol and analyze it further without decrypting the traffic.
Graphical Tool for IPv6 Packet Generation
Jochec, Jakub ; Bartoš, Václav (referee) ; Puš, Viktor (advisor)
This thesis focuses on creating a graphical interface for generating IPv6 packets, which can be used to create correct packets with different options. It describes the TCP/IP network model and IPv6, including extension headers. The next part presents some existing tools for IPv6 packet generation. The last part covers user interface design and implementation using Python and the wxPython and Scapy libraries.
