|
|
Detection of Malicious Domain Names
Setinský, Jiří ; Perešíni, Martin (referee) ; Tisovčík, Peter (advisor)
The bachelor thesis deals with the detection of artificially generated domain names (DGA). The generated addresses serve as a means of communication between the attacker and the infected computer. By detection, we can detect and track infected computers on the network. The detection itself is preceded by the study of machine learning techniques, which will then be applied in the creation of the detector. To create the final classifier in the form of a decision tree, it was necessary to analyze the principle of DGA addresses. Based on their characteristics, the attributes were extracted, according to which the final classifier will be decided. After learning the classification model on the training set, the classifier was implemented in the target platform NEMEA as a detection module. After final optimizations and testing, we achieved a accuracy of the classifier of 99%, which is a very positive result. The NEMEA module is ready for real-world deployment to detect security incidents. In addition to the NEMEA module, another model was created to predict the accuracy of datasets with domain names. The model is trained based on the characteristics of the dataset and the accuracy of the DGA detector, whose behavior we want to predict.
|
|
|
Malicious Domains Detection Using Analysis of DNS Traffic
Podešvová, Vlasta ; Bartoš, Václav (referee) ; Kováčik, Michal (advisor)
The aim of this bachelor's thesis is to design, implement and test a system for malicious domain detection in data sets obtained from real network traffic. It is aimed specifically on detection of DGA botnet activities. This detection is provided by analysis of domain name syntax. Part of the solution is focused at building a model from a set of legal domain names. This model is used for domain name syntax analysis and user of the final system is allowed to choose his own model data. Overall this thesis brings a view on the efficiency of implemented methods of malicious domain detection.
|
|
|
Artificial Intelligence in Power Oil Transformers Diagnostics
Janda, Ondřej ; Szabó,, Radek (referee) ; Kratochvíl, Petr (referee) ; Hammer, Miloš (advisor)
This dissertation thesis deals with the application of expert systems and soft computing methods in field of power oil transformers. The main work is divided into theoretical and practical part. First, the theoretical part presents the basic elements of the transformer, and approaches to its diagnosis. The work focused mainly on the diagnostics of the insulation system, and diagnostic methods and approaches in this specific area. Next part describes the basics of expert systems and other soft computing methods such as: fuzzy logic, neural networks, genetic algorithms and their combinations and extensions. At the end of the theoretical part, the possibility of optimization approaches by means of artificial intelligence and its application in fuzzy model optimization are described. The practical part begins with description of the used data file that runs through the entire work. The work is then divided into four parts, namely in parts which deal with the expert system for transformer diagnostics, DGA module, prediction module, and optimization using artificial intelligence. The section describing the expert system gives specific information about the particular expert system. The means and techniques used for constructing given system are described, and then the complete system design and description of all subsystems and modules are presented. The next section describes the developed DGA module and all selected approaches to its implementation and expansion. At the end of the chapter, the results of comparison between all implemented methods are evaluated. The third part deals with the prediction module and describes its design and construction, including description of the main parts which are based on the selected predictive approaches. Also, the predictions of selected quantities from the data file are included. There are two predictive approaches being used: the one step prediction, and the multiple step prediction. The comparison of prediction accuracy and computational cost of given methods is presented at the end of this chapter. The last part deals with the possibilities of optimization using artificial intelligence methods, namely differential evolution, PSO, and genetic algorithms. Both the single-objective and the multi-objective optimization are considered. The methods are compared in a series of synthetic tests and then applied to optimize the fuzzy models of DGA tests from an earlier part of this work. The dissertation also includes chapters: "The Aims", "The Contribution of the Work", and a list of publications, products, and projects of the author.
|
|
|
Classification of Domain Names Generated by DGA
Bučko, Filip ; Žádník, Martin (referee) ; Hranický, Radek (advisor)
The DGA (Domain Generation Algorithm) is a technique that allows malware to receive commands from an attacker while avoiding detection. The main objective of this thesis is to build a system for the detection and classification of DGA domains in order to uncover malicious communication. For the purpose of detection, a binary classifier based on machine learning is designed and implemented in this work. Classification plays a crucial role in the automated analysis of malware and thus ensures proactive defense. Additionally, 4 classifiers based on different approaches are introduced for the classification of domains into DGA families. Subsequently, the advantages and disadvantages of presented approaches are identified. The final implementation of multi-class classification consists of a combination of classifiers that provide the best results. Furthermore, this work identifies characteristics specific to DGA domains that are necessary for the creation of classifiers. Testing the resulting implementation of classifiers demonstrates high accuracy in both DGA domain detection and classification.
|
|
|
Data Sets for Network Security
Setinský, Jiří ; Hranický, Radek (referee) ; Tisovčík, Peter (advisor)
In network security, machine learning techniques are used to effectively detect anomalies and malware in network traffic. A quality dataset is needed to train a network classifier with high accuracy. The aim of this paper is to modify the dataset using machine learning techniques to improve the quality of the dataset which will lead to training the model with a higher accuracy. The dataset is analyzed by a clustering algorithm and each cluster is characterized by a statistical description resulting from the attributes of the input dataset. The statistical description along with the information of the original classifier is used to compute the score. The score serves as a weight in the modification phase. Cluster analysis allows to filter out the data that are important for training the final model. The proposed approach allows us to mitigate the redundancy of the dataset or to augment it with missing data. The result is a modification framework that is able to reduce the datasets or perform their aggregation in order to create a compact dataset that reflects the actual network traffic. Models were trained on the created datasets and achieved higher accuracy compared to the existing solution.
|
|
|
Personal data as a commodity
Juřičková, Jelizaveta ; Kučera, Zdeněk (advisor) ; Friedel, Tomáš (referee)
in English Abstract The thesis aims to fathom different aspects of the commodification of personal data. The topic is an issue of current interest. On one hand, due to the constant improvement of the technology of collecting and processing personal data, individuals are becoming very vulnerable. Techniques of influencing their thinking and decision-making based on their personal data have become so subtle and insidious that they often go unnoticed by the individuals. On the other hand, the development of the data economy can contribute to many goals that benefit society. This paper aims to answer two research questions. The first research question is how to guarantee the secure processing of personal data and to eliminate negative impacts on the subject and on society. The second research question concerns both ensuring adequate access of digital industry to personal data and empowering the data subject. Given the complexity of the issue and the confusion about the meaning and interpretation of basic concepts such as personal data and information, it is necessary to first briefly outline the nature and characteristics of personal data. The next two chapters analyse the legal means to achieve the objectives set out in the research questions. The final chapter provides a summary of recommendations on...
|
|
|
Detection of Malicious Domain Names
Setinský, Jiří ; Perešíni, Martin (referee) ; Tisovčík, Peter (advisor)
The bachelor thesis deals with the detection of artificially generated domain names (DGA). The generated addresses serve as a means of communication between the attacker and the infected computer. By detection, we can detect and track infected computers on the network. The detection itself is preceded by the study of machine learning techniques, which will then be applied in the creation of the detector. To create the final classifier in the form of a decision tree, it was necessary to analyze the principle of DGA addresses. Based on their characteristics, the attributes were extracted, according to which the final classifier will be decided. After learning the classification model on the training set, the classifier was implemented in the target platform NEMEA as a detection module. After final optimizations and testing, we achieved a accuracy of the classifier of 99%, which is a very positive result. The NEMEA module is ready for real-world deployment to detect security incidents. In addition to the NEMEA module, another model was created to predict the accuracy of datasets with domain names. The model is trained based on the characteristics of the dataset and the accuracy of the DGA detector, whose behavior we want to predict.
|
|
|
Malicious Domains Detection Using Analysis of DNS Traffic
Podešvová, Vlasta ; Bartoš, Václav (referee) ; Kováčik, Michal (advisor)
The aim of this bachelor's thesis is to design, implement and test a system for malicious domain detection in data sets obtained from real network traffic. It is aimed specifically on detection of DGA botnet activities. This detection is provided by analysis of domain name syntax. Part of the solution is focused at building a model from a set of legal domain names. This model is used for domain name syntax analysis and user of the final system is allowed to choose his own model data. Overall this thesis brings a view on the efficiency of implemented methods of malicious domain detection.
|
|
|
Artificial Intelligence in Power Oil Transformers Diagnostics
Janda, Ondřej ; Szabó,, Radek (referee) ; Kratochvíl, Petr (referee) ; Hammer, Miloš (advisor)
This dissertation thesis deals with the application of expert systems and soft computing methods in field of power oil transformers. The main work is divided into theoretical and practical part. First, the theoretical part presents the basic elements of the transformer, and approaches to its diagnosis. The work focused mainly on the diagnostics of the insulation system, and diagnostic methods and approaches in this specific area. Next part describes the basics of expert systems and other soft computing methods such as: fuzzy logic, neural networks, genetic algorithms and their combinations and extensions. At the end of the theoretical part, the possibility of optimization approaches by means of artificial intelligence and its application in fuzzy model optimization are described. The practical part begins with description of the used data file that runs through the entire work. The work is then divided into four parts, namely in parts which deal with the expert system for transformer diagnostics, DGA module, prediction module, and optimization using artificial intelligence. The section describing the expert system gives specific information about the particular expert system. The means and techniques used for constructing given system are described, and then the complete system design and description of all subsystems and modules are presented. The next section describes the developed DGA module and all selected approaches to its implementation and expansion. At the end of the chapter, the results of comparison between all implemented methods are evaluated. The third part deals with the prediction module and describes its design and construction, including description of the main parts which are based on the selected predictive approaches. Also, the predictions of selected quantities from the data file are included. There are two predictive approaches being used: the one step prediction, and the multiple step prediction. The comparison of prediction accuracy and computational cost of given methods is presented at the end of this chapter. The last part deals with the possibilities of optimization using artificial intelligence methods, namely differential evolution, PSO, and genetic algorithms. Both the single-objective and the multi-objective optimization are considered. The methods are compared in a series of synthetic tests and then applied to optimize the fuzzy models of DGA tests from an earlier part of this work. The dissertation also includes chapters: "The Aims", "The Contribution of the Work", and a list of publications, products, and projects of the author.
|
guest ::
