|
|
Mitigation of DoS Attacks Using Machine Learning
Goldschmidt, Patrik ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
Útoky typu odoprenia služby (DDoS) sú v dnešných počítačových sieťach stále frekventovanejším bezpečnostným incidentom. Táto práca sa zameriava na detekciu týchto útokov a poskytnutie relevantných informácii za účelom ich mitigácie v reálnom čase. Spomínaná funkcionalita je dosiahnutá s využitím techník prúdového dolovania z dát a strojového učenia. Výsledkom práce je sada nástrojov zastrešujúca celý proces strojového učenia - od vlastnej extrakcie príznakov cez predspracovanie dát až po export natrénovaného modelu pripraveného na nasadenie v produkcii. Experimentálne výsledky vyhodnotené na viacerých reálnych a syntetických dátových sadách poukazujú na presnosť systému väčšiu ako 99% s možnosťou spoľahlivej detekcie prebiehajúceho útoku do 4 sekúnd od jeho začiatku.
|
|
|
Inference of DDoS Mitigation Rules
Belko, Erik ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
This thesis deals with DDoS attacks, their specific types and ways of mitigating them. The aim of the thesis is to propose a method for inferring a pattern from a packet payload for subsequent DDoS attack mitigation and implement it. The chosen method uses the partitioning of the packet payload into N-grams to infer the pattern. The method utilizes samples with data captured during legitimate traffic and during a DDoS attack. Other proposed methods are also described in the thesis and experiments are performed with the selected method over data of different sizes.
|
|
|
Deriving DDoS Mitigation Rules
Hurta, Marek ; Krobot, Pavel (referee) ; Žádník, Martin (advisor)
This thesis is aimed at monitoring of computer networks using NetFlow data. It describes main aspects of detection network anomalies using IDS systems. Next part describes Nemea framework, which is used for creating modules. These modules are able to detect network incidents and attacks. Following chapters contain a brief overview of common network attacks with their specific remarks which can help in process of their detection. Based on this analysis, the concept of mitigation rules was created. These rules can be used for mitigation of DDoS attack. This method was tested on several data sets and it produced multiple mitigation rules. These rules were applied on data sets and they marked most of the suspicious flows.
|
|
|
Optimization of DDoS Mitigation Rule Inference
Carasec, Elena ; Grégr, Matěj (referee) ; Žádník, Martin (advisor)
Tato práce se zabývá možností využití algoritmů strojového učení pro ochranu proti DDoS útokům. Pro klasické a inkrementální (online) učení jsou uvažovány vysvětlitelné metody učení s učitelem, zejména rozhodovací stromy. Dále jsou představeny některé možné optimalizace pro zvýšení přesnosti klasifikace provozu a snížení množství blokovaného legitimního provozu.
|
|
|
Network Protection Using NetFlow Data
Čegan, Jakub ; Žádník, Martin (referee) ; Tobola, Jiří (advisor)
This thesis deals with the using of NetFlow data for computer network protection. First are described some types of network security threats. After study of these threats and many experiments were designed detection rules for them. New detection form were designed too. It is working with two step detection of threats.
|
|
|
Optimization of DDoS Mitigation Rule Inference
Carasec, Elena ; Grégr, Matěj (referee) ; Žádník, Martin (advisor)
Tato práce se zabývá možností využití algoritmů strojového učení pro ochranu proti DDoS útokům. Pro klasické a inkrementální (online) učení jsou uvažovány vysvětlitelné metody učení s učitelem, zejména rozhodovací stromy. Dále jsou představeny některé možné optimalizace pro zvýšení přesnosti klasifikace provozu a snížení množství blokovaného legitimního provozu.
|
|
|
Inference of DDoS Mitigation Rules
Belko, Erik ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
This thesis deals with DDoS attacks, their specific types and ways of mitigating them. The aim of the thesis is to propose a method for inferring a pattern from a packet payload for subsequent DDoS attack mitigation and implement it. The chosen method uses the partitioning of the packet payload into N-grams to infer the pattern. The method utilizes samples with data captured during legitimate traffic and during a DDoS attack. Other proposed methods are also described in the thesis and experiments are performed with the selected method over data of different sizes.
|
|
|
Mitigation of DoS Attacks Using Machine Learning
Goldschmidt, Patrik ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
Útoky typu odoprenia služby (DDoS) sú v dnešných počítačových sieťach stále frekventovanejším bezpečnostným incidentom. Táto práca sa zameriava na detekciu týchto útokov a poskytnutie relevantných informácii za účelom ich mitigácie v reálnom čase. Spomínaná funkcionalita je dosiahnutá s využitím techník prúdového dolovania z dát a strojového učenia. Výsledkom práce je sada nástrojov zastrešujúca celý proces strojového učenia - od vlastnej extrakcie príznakov cez predspracovanie dát až po export natrénovaného modelu pripraveného na nasadenie v produkcii. Experimentálne výsledky vyhodnotené na viacerých reálnych a syntetických dátových sadách poukazujú na presnosť systému väčšiu ako 99% s možnosťou spoľahlivej detekcie prebiehajúceho útoku do 4 sekúnd od jeho začiatku.
|
|
|
Deriving DDoS Mitigation Rules
Hurta, Marek ; Krobot, Pavel (referee) ; Žádník, Martin (advisor)
This thesis is aimed at monitoring of computer networks using NetFlow data. It describes main aspects of detection network anomalies using IDS systems. Next part describes Nemea framework, which is used for creating modules. These modules are able to detect network incidents and attacks. Following chapters contain a brief overview of common network attacks with their specific remarks which can help in process of their detection. Based on this analysis, the concept of mitigation rules was created. These rules can be used for mitigation of DDoS attack. This method was tested on several data sets and it produced multiple mitigation rules. These rules were applied on data sets and they marked most of the suspicious flows.
|
|
|
Protection against DDoS attacks in the cloud computing
Vavroch, Zdeněk ; Karkošková, Soňa (advisor) ; Jelínek, Ivan (referee)
DDoS Attacks are nowadays huge threat on the internet. Many people and companies are dependent on accessibility of their data, services or applications. And that is what attackers try to abuse. In some cases, site or application that is not working, can make very bad name for the company in public. DDoS attacks are dangerous for people working at home, for corporate networks and mainly for huge clouds. Cloud are often targets of attacks because of how many people are affected by it. This thesis is focused on types of DDoS attacks we know and goal of the thesis is to find best defense solutions, mainly for defending the cloud computing. I will choose and describe the most common methods we know and use. In theoretical part I will describe what is cloud computing and DDoS attacks and what types of DDoS we know. In practical part I will describe the most common and efficient methods of defense.
|
guest ::
