|
| |
|
|
Anomaly Detection Based on SNMP Communication
Štěpán, Daniel ; Drga, Jozef (referee) ; Očenášek, Pavel (advisor)
The aim of this thesis was to develop a practically applicable set of methods for classification and detection of anomalies in computer network environments. I have created extensions to the network monitoring system in the form of two modules for an open source network monitoring tool based on machine learning. The created modules can learn the characteristics of normal network traffic. The first module, based on the algorithm Random Forest Classifier, detects and is able to classify several known denial-of-service attacks. The second module, based on the algorithm Local Outlier Factor, detects anomalous levels of network traffic. Attacks that the first module is able to classify are the following: TCP SYN flood, UDP flood and ICMP flood. Moreover, it was trained to detect the SSH Bruteforce attacks and the slow and fragmented Slowloris attack. While working on this thesis, I tested the device using the methods mentioned above. The experiments showed that the classification-based module is able to detect known attacks, except for the Slowloris attack, whose characteristics are not very different from normal traffic. The second module sucessfully detects higher levels of network traffic, but does not perform the classification.
|
|
|
Security of Testing Farm Service
Havlín, Jan ; Malinka, Kamil (referee) ; Drga, Jozef (advisor)
This thesis deals with security of Testing Farm Service in Red Hat company. Specifically, it is about unauthorized usage of testing machines for purposes which are not allowed. The need for implementing security measures comes from the fact that users are allowed to run arbitrary code on test machines as the user root. In the implementation part of the thesis, a monitoring agent was created and deployed to the testing machines of the production environment of the service. This system watches transmitted packets, system resources and configuration. Based on these observations, it creates metrics about the system behavior and sends them over to monitoring server Prometheus.
|
|
|
Fitness Map Application
Hrůza, Tomáš ; Drga, Jozef (referee) ; Rozman, Jaroslav (advisor)
As the world continues to evolve and expand, the need for modern solutions rapidly grows. Large portion of the population tends to keep track of their lifestyle which in turn provides an opportunity for companies to create many different fitness devices and applications. The goal of this bachelor's thesis is to provide a new kind of motivation to get out into the world, provided by yet another web application. However this application provides its user with motivation in the form of a minigame - the user travels through the world and the application then calculates the area he captures using a Voronoi diagram based on his route. Another feature the application provides is viewing your routes in a merged, averaged form. This comes in handy when the user would like to approximate his actual route over several different activities. The first part of this bachelor's thesis collects information about different commonly used fitness applications. Out of all those a web application called Strava was chosen as a base for collecting user data. The resulting web application connects to Strava using OAuth and retrieves routes the user has collected using the Strava mobile application. One of the last chapters focuses on describing the implementation details about used and created algorithms. It additionally contains description of scripts which were used to extract data out of OpenStreetMap database and calculate Voronoi regions based on them. To store and search through calculated regions, a MySQL database is used. The application is developed using modern frameworks and is heavily oriented around a comfortable user interface and responsive web design.
|
|
|
OpenSCAP Report: A Tool for Visualizing Security Compliance Inspection Results
Rodák, Jan ; Rozman, Jaroslav (referee) ; Drga, Jozef (advisor)
Cílem práce je vyvinout nástroj pro prezentaci výsledků bezpečnostního skeneru OpenSCAP. SCAP skenery používají standardizované vstupní a výstupní formáty, které nejsou čitelné člověkem. Cílem nástroje je prezentovat výstup SCAP skeneru ve formě interaktivního reportu, který pomůže najít hlavní příčinu selhání bezpečnostních požadavků. Dovolí uživatelům porozumět složení příslušných bezpečnostních kontrol. Report umožní uživatelům OpenSCAP i vývojářům bezpečnostních profilů ladit jejich kontroly. Poskytne pohled na vztahy mezi jednotlivými kontrolami a pomůže pochopit kontext těchto kontrol v rámci bezpečnostních profilů SCAP.
|
|
|
Security of Testing Farm Service
Havlín, Jan ; Malinka, Kamil (referee) ; Drga, Jozef (advisor)
This thesis deals with security of Testing Farm Service in Red Hat company. Specifically, it is about unauthorized usage of testing machines for purposes which are not allowed. The need for implementing security measures comes from the fact that users are allowed to run arbitrary code on test machines as the user root. In the implementation part of the thesis, a monitoring agent was created and deployed to the testing machines of the production environment of the service. This system watches transmitted packets, system resources and configuration. Based on these observations, it creates metrics about the system behavior and sends them over to monitoring server Prometheus.
|
|
|
Fitness Map Application
Hrůza, Tomáš ; Drga, Jozef (referee) ; Rozman, Jaroslav (advisor)
As the world continues to evolve and expand, the need for modern solutions rapidly grows. Large portion of the population tends to keep track of their lifestyle which in turn provides an opportunity for companies to create many different fitness devices and applications. The goal of this bachelor's thesis is to provide a new kind of motivation to get out into the world, provided by yet another web application. However this application provides its user with motivation in the form of a minigame - the user travels through the world and the application then calculates the area he captures using a Voronoi diagram based on his route. Another feature the application provides is viewing your routes in a merged, averaged form. This comes in handy when the user would like to approximate his actual route over several different activities. The first part of this bachelor's thesis collects information about different commonly used fitness applications. Out of all those a web application called Strava was chosen as a base for collecting user data. The resulting web application connects to Strava using OAuth and retrieves routes the user has collected using the Strava mobile application. One of the last chapters focuses on describing the implementation details about used and created algorithms. It additionally contains description of scripts which were used to extract data out of OpenStreetMap database and calculate Voronoi regions based on them. To store and search through calculated regions, a MySQL database is used. The application is developed using modern frameworks and is heavily oriented around a comfortable user interface and responsive web design.
|
|
| |
|
|
Anomaly Detection Based on SNMP Communication
Štěpán, Daniel ; Drga, Jozef (referee) ; Očenášek, Pavel (advisor)
The aim of this thesis was to develop a practically applicable set of methods for classification and detection of anomalies in computer network environments. I have created extensions to the network monitoring system in the form of two modules for an open source network monitoring tool based on machine learning. The created modules can learn the characteristics of normal network traffic. The first module, based on the algorithm Random Forest Classifier, detects and is able to classify several known denial-of-service attacks. The second module, based on the algorithm Local Outlier Factor, detects anomalous levels of network traffic. Attacks that the first module is able to classify are the following: TCP SYN flood, UDP flood and ICMP flood. Moreover, it was trained to detect the SSH Bruteforce attacks and the slow and fragmented Slowloris attack. While working on this thesis, I tested the device using the methods mentioned above. The experiments showed that the classification-based module is able to detect known attacks, except for the Slowloris attack, whose characteristics are not very different from normal traffic. The second module sucessfully detects higher levels of network traffic, but does not perform the classification.
|
guest ::
RSS feed.