National Repository of Grey Literature: 61 records found (records 11 - 20)
Extended Functionality of Honeypots
Soóky, Peter ; Polčák, Libor (referee) ; Matoušek, Petr (advisor)
The bachelor's thesis titled Extended Functionality of Honeypots focuses on the development of security systems of a certain type called honeypots. After introducing the principles of honeypot techniques, it deals with the advantages of using them in comparison with other security systems. It then describes the classification of honeypot types and their characteristics. The next part introduces the tools CONPOT and GLASTOPF. The aim of the thesis is to design and implement extensions of these tools in order to improve them. The description of each extension includes an introduction to and analysis of the problem, followed by the implementation and testing of the proposed extension. The extensions give users of these honeypots increased security and a wider range of uses. The conclusion describes possibilities for further extension.
Amplifying Cyber Threat Intelligence Analysis with Honeypots
Janout, Vladimír ; Gerlich, Tomáš (referee) ; Ricci, Sara (advisor)
This thesis deals with the deployment of honeypots as a data source for cyber threat analysis. For this purpose, a honeypot is configured and exposed to the Internet in the cloud for a certain period of time to collect data. In the next part, a tool in Python is designed for querying three threat intelligence sources, which serves to obtain metadata about indicators. The usefulness of the tool is demonstrated in practice by using it to obtain metadata about indicators that were extracted from the collected data. The last part of the thesis deals with results and trends in attacker behaviour based on the collected and processed data. In a case study, the thesis focuses on one SSH session, and the result is a mapping of the attackers' techniques onto the MITRE ATT&CK model.
Software for Capturing and Intelligent Parsing of Spam
Chlupová, Silvie ; Hranický, Radek (referee) ; Zobal, Lukáš (advisor)
This work deals with the creation of an SMTP honeypot, which will be ready for rapid deployment and will support advanced features. The thesis describes the theory of the SMTP, POP3 and IMAP protocols. Furthermore, the work discusses the issue of unsolicited e-mails and the fight against them. The work presents various types of honeypots as well as existing solutions for e-mail honeypots. One of these solutions uses this work as a model. The new honeypot supports authentication and stores e-mails in a directory, from where they are gradually removed and analyzed. Based on the analysis, some e-mails are forwarded to the recipients. It is also possible to install and run the honeypot with one click. The honeypot also supports the destruction of e-mail content to protect users.
Network Attack Analysis Using Honeypots
Galetka, Josef ; Chmelař, Petr (referee) ; Drozd, Michal (advisor)
This text deals with computer network security using honeypot technology as an intentional trap for attackers. It describes the basic ideas in detail, together with the advantages and disadvantages of this concept. The main focus is the low-interaction honeypot Honeyd, its functionality and possible extensions. The practical part describes the principles of implementing Honeyd service scripts, which simulate the behavior of the Conficker computer worm. It further describes the creation of an automated script for the analysis and processing of data captured during an actual deployment of Honeyd on the Internet.
Honeypot for wireless communication protocols of IEEE 802.11 family
Řezáč, Michal ; Blažek, Petr (referee) ; Fujdiak, Radek (advisor)
This master's thesis addresses a possible realisation of a WiFi honeypot constructed to detect malicious network activity and attacks in a radio environment that uses the IEEE 802.11 set of protocols. A specific configuration was created on an mITX format motherboard and contains scripts and software for data collection, analysis and evaluation. Based on information and knowledge about specific network attacks, it is possible to identify data traffic leading to anomalies and detect a possible network attack. The final device was tested in real use for long-term data collection and evaluation of network activity in the given location. This fulfills the main goal of this work, which is the implementation of a WiFi honeypot with support for IEEE 802.11 protocols and with possible deployment for real use.
Metrics for Buffer Overflow Attacks Detection of UDP Network Services
Šulák, Ladislav ; Ovšonka, Daniel (referee) ; Homoliak, Ivan (advisor)
This bachelor thesis deals with network attacks and their detection in network traffic. The aim is to propose a collection of metrics that describes network traffic according to its behaviour and is also capable of detecting zero-day attacks. A further part of the thesis is the implementation of a tool for metric extraction.
Network Attack Capture Using Honeypots
Mlčoch, Tomáš ; Chmelař, Petr (referee) ; Richter, Jan (advisor)
This bachelor thesis deals with honeypot tools and adapting a Linux operating system into such a tool. The thesis presents general categories of malicious code and current trends in this area. The thesis also presents the existing honeypot tool Honeyd and its features. Next, tools and techniques for monitoring a Linux system are introduced, the selected virtualization technology is compared, and the process of creating a virtual Linux honeypot is explained.
Security analysis of network traffic using behavioral signatures
Barabas, Maroš ; Hujňák, Petr (referee) ; Zelinka, Ivan (referee) ; Hanáček, Petr (advisor)
This thesis focuses on a description of the current state of research in the detection of network attacks and subsequently on the improvement of detection capabilities for specific attacks by establishing a formal definition of network metrics. These metrics approximate the progress of a network connection and create a signature based on behavioral characteristics of the analyzed connection. The aim of this work is not the prevention of ongoing attacks, or the response to these attacks. The emphasis is on the analysis of connections to maximize the information obtained and on defining the basis of a detection system that can minimize the size of data collected from the network, leaving the most important information for subsequent analysis. The main goal of this work is to create the concept of the detection system by using defined metrics for reduction of the network traffic to signatures with an emphasis on the behavioral aspects of the communication. Another goal is to increase the autonomy of the detection system by developing an expert knowledge of the honeypot system, with the condition of independence from the technological aspects of the analyzed data (e.g. encryption, protocols used, technology and environment). Defining the concept of the honeypot system's expert knowledge in the role of the teacher of classification algorithms creates autonomy of the system for the detection of unknown attacks. This concept also provides the possibility of independent learning (with no human intervention) based on the knowledge collected from attacks on these systems. The thesis describes the process of creating a laboratory environment and experiments with the defined network connection signature using collected data and a downloaded test database. The results are compared with the state of the art of network detection systems and the benefits of the proposed approximation methods are highlighted.
Automated Development of Network Attack Detectors
Huták, Lukáš ; Kováčik, Michal (referee) ; Žádník, Martin (advisor)
The thesis is focused on the automated development of network attack detectors. It describes a design of patterns developed for normal and offensive behaviors based on monitoring network traffic of selected services. Patterns are represented by statistics with a focus on suitable metrics. Using machine learning algorithms, attack detectors are created from behavioral patterns. Finally, based on the proposal, a module was implemented for the Nemea system in the C/C++ programming language.
Detection of Honeypot Systems in Network
Teknős, Martin ; Drozd, Michal (referee) ; Barabas, Maroš (advisor)
This thesis focuses on the detection of honeypot systems in a network. It presents different techniques for the detection of honeypot systems and then focuses on three of them: TCP/IP fingerprinting, clock skew estimation and service exercising. A console application was created to test these selected techniques. The thesis describes the design of the application and its implementation, and also presents results of experiments with the application and selected techniques.
