|
|
Detection of Volumetric DoS and DDoS Attacks in Real Time on the L3 Network Layer
Škápik, Anton ; Grégr, Matěj (referee) ; Holkovič, Martin (advisor)
This bachelor thesis explores and implements capabilities of real-time DoS and DDoS detection. Leveraging NetFlow stream processing tool, the resulting product provides the ability to detect attacks within a few seconds and create rules to mitigate the attack. The rules are converted from an form of records into a flowspec filter that is distributed by BGP between the routers in the monitored network. The program was implemented and tested. The work is written in collaboration with Flowmon Networks a.s., using their proprietary applications for NetFlow record processing.
|
|
|
Detecting DoS and DDoS Attacks Using NetFlow Data
Huňka, Jan ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This thesis deals with using NetFlow data for DoS and DDoS attacks detection. Based on the findings of the analysis of attack traffic a plugin for exporter of the FlowMon probe is implemented. It monitors several heuristics and based on them determines a level of suspicion of the source IP address. During testing, it was verified that the plugin is able to reliably detect large-scale DoS and DDoS attacks on live traffic.
|
|
|
Self Test of FlowMon Probe
Kříž, Blažej ; Kaštil, Jan (referee) ; Kořenek, Jan (advisor)
This thesis deals with development of built-in self-test for FlowMon probe, device for monitoring network traffic based on IP flows. At the begining, both NetFlow technology and the FlowMon probe are described and related terms are summarized. The development itself consists of requirements specification and analysis, design of general testing technique, desing of particular tests, their implementation and solution review.
|
|
|
Software Architecture for Flow Based Monitoring Probe
Špringl, Petr ; Kořenek, Jan (referee) ; Martínek, Tomáš (advisor)
This thesis deals with design and implementation of software architecture for Flexible FlowMon probe, accessories for monitoring high speed computer networks based on IP flows. The probe has been developed in project named Liberouter. There is described flow based monitoring and export formats NetFlow version 5, NetFlow version 9 and IPIFX, which are very widely used. The thesis contains description of hardware part of Flexible FlowMon probe including its requirements for software, which are the base of the whole software architecture. There is detailed description of that part of software architecture which was implemented during the work on this thesis.
|
|
|
Operation System Detection in Network Traffic Using IPFIX
Vymlátil, Martin ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This task deal with detection of operation system in network traffic using IPFIX. The main idea of this task is based on the fingeprinting, when we use information from IP and TCP headers to determine operation system. This data represent a unique signature of the operation system. Based on the information a plugin for the FlowMon probe was designed and implemented. Plugin was tested on live network traffic and pcap files.
|
|
|
Návrh univerzitního firewallu na platformě Cisco
Burian, Jan
The diploma thesis focuses on design of university firewall on Cisco platform. The design deals with important functionalities, which are used in the current solution. These include routing, network address translation, access control lists, VPN. The thesis furher deals with dynamic insertion rules, which are generated based on traffic analysis by Flowmon probe and its ADS module. The new design is implemented in a testing environment and its funcionality is verified. The thesis will serve like feasibility study for final implementation in the production MENDELU network.
|
|
|
Traffic Analysis of Network Protocols Kerberos, NTLM, and SAML 2.0
Krůl, Michal ; Orsák, Michal (referee) ; Tisovčík, Peter (advisor)
This thesis engages the problem consisting of analysis and detection of the attacks carried out on the authentication protocols in the environment of network structures, like those used in big corporations. In~this thesis, the problem is examined in the light of the netflow analysis. Main content of the thesis is a simulation of the attacks targeting network architectures, where the authentication is served by mentioned protocols, and effort to detect these attack by the netflow monitoring. The outcome of this thesis is a draft, how to automatically detect the attacks carried out in the network structures, and plugin for the exporter of the Flowmon sond, the product of Flowmon Networks company, which will be extracting the information needed for the performance of the detection.
|
|
|
Adaptive Sampling of Input Packets Implemented in FlowMon Probe
Kaštovský, Petr ; Martínek, Tomáš (referee) ; Kořenek, Jan (advisor)
There is a FlowMon probe being developed in a Libeouter project that is used for passive network measurements. The probe has better stability and accuracy than sofware based solutions even under a heavy load or network attack. To guarantee a precision of results there is a need to data reduction to prevent measuring system overload. There are few kinds of data reduction. Method used in the FlowMon probe is called sampling. Adaptive sampling unit sets the sampling rate (rate of processed and discarded packets) according to actual state of measured network.
|
|
|
Detection of Volumetric DoS and DDoS Attacks in Real Time on the L3 Network Layer
Škápik, Anton ; Grégr, Matěj (referee) ; Holkovič, Martin (advisor)
This bachelor thesis explores and implements capabilities of real-time DoS and DDoS detection. Leveraging NetFlow stream processing tool, the resulting product provides the ability to detect attacks within a few seconds and create rules to mitigate the attack. The rules are converted from an form of records into a flowspec filter that is distributed by BGP between the routers in the monitored network. The program was implemented and tested. The work is written in collaboration with Flowmon Networks a.s., using their proprietary applications for NetFlow record processing.
|
|
|
Mitigation of Volumetric DDoS Attacks in SDN Environment
Hodes, Vojtěch ; Křepelka, Václav (referee) ; Škorpil, Vladislav (advisor)
The aim of this Master's thesis is to explore different attitudes and to design various monitoring and detection concepts of volumetric DDoS attacks in core networks. The thesis deals with data flow control protocols with an emphasis on a modern technology of Software Defined Networks. The last part of the thesis describes verification of the theory by setting up a laboratory environment for volumetric DDoS UDP Flood simulation, detection and automated mitigation.
|
guest ::
