|
|
Identification of Mobile Applications in Encrypted Traffic
Snášel, Daniel ; Burgetová, Ivana (referee) ; Matoušek, Petr (advisor)
The work focuses on the identification of mobile applications in encrypted traffic based on TLS fingerprints. The aim of the work was to create an architecture for obtaining selected attributes from TLS connection handshake, to create TLS fingerprints and their comparison. Emphasis was placed on the accuracy of individual metrics, the quality of selected attributes and on the determination of the threshold T comparison, which was ultimately set at 75 %. A total of ten attributes were selected from the TLS connection handshake, such as IP address, Cipher Suite, Server Name Indication, the size of the first ten packets and more. Accurate, substring and index comparisons were chosen to compare individual attributes. The total similarity of the two TLS fingerprints is then calculated as the weighted sum of the matches of the individual attributes. The resulting architecture allows you to compare TLS application fingerprints from the created dataset with newly created fingerprints from encrypted communication, and thus identify the applications. It also allows manual or automatic learning of new applications from the compared file, or updating of known TLS fingerprints of applications in the dataset.
|
|
|
Deployment and Enhancement of Tool for Capturing RDP Attacks
Snášel, Daniel ; Hranický, Radek (referee) ; Zobal, Lukáš (advisor)
Honeypots are widely used in computer security research. Their task consists of assisting security researchers in gaining valuable information about network attackers. This thesis deals with the design and improvement of the existing PyRDP honeypot. First, honeypots in general are described along with the basic concept of those. Then, the issues of the remote desktop and its vulnerability are described. Finally, the improvements of already existing highly interactive PyRDP honeypot are proposed and implemented. This tool has been properly tested and the analyzed data were obtained from its deployment.
|
|
|
Identification of Mobile Applications in Encrypted Traffic
Snášel, Daniel ; Burgetová, Ivana (referee) ; Matoušek, Petr (advisor)
The work focuses on the identification of mobile applications in encrypted traffic based on TLS fingerprints. The aim of the work was to create an architecture for obtaining selected attributes from TLS connection handshake, to create TLS fingerprints and their comparison. Emphasis was placed on the accuracy of individual metrics, the quality of selected attributes and on the determination of the threshold T comparison, which was ultimately set at 75 %. A total of ten attributes were selected from the TLS connection handshake, such as IP address, Cipher Suite, Server Name Indication, the size of the first ten packets and more. Accurate, substring and index comparisons were chosen to compare individual attributes. The total similarity of the two TLS fingerprints is then calculated as the weighted sum of the matches of the individual attributes. The resulting architecture allows you to compare TLS application fingerprints from the created dataset with newly created fingerprints from encrypted communication, and thus identify the applications. It also allows manual or automatic learning of new applications from the compared file, or updating of known TLS fingerprints of applications in the dataset.
|
|
|
Deployment and Enhancement of Tool for Capturing RDP Attacks
Snášel, Daniel ; Hranický, Radek (referee) ; Zobal, Lukáš (advisor)
Honeypots are widely used in computer security research. Their task consists of assisting security researchers in gaining valuable information about network attackers. This thesis deals with the design and improvement of the existing PyRDP honeypot. First, honeypots in general are described along with the basic concept of those. Then, the issues of the remote desktop and its vulnerability are described. Finally, the improvements of already existing highly interactive PyRDP honeypot are proposed and implemented. This tool has been properly tested and the analyzed data were obtained from its deployment.
|
guest ::
RSS feed.