|
|
Optimalizace systému Suricata zredukovaním mezivláknových závislostí
Kríž, Adam ; Setinský, Jiří (referee) ; Šišmiš, Lukáš (advisor)
In the age of the internet, connection to the global network is possible from almost any type of device. Just to name a few: a fridge, a front door, a smart watches and more. With the growing number of devices that require an internet connection, the security and protection of the user's privacy comes to the foreground. One of the solutions that can be ensured network protection is Suricata, which is used to detect network threats and events. It can deploy as a monitoring system or it can be an active prevention system. Aim of this work will be optimizing the Suricata system in IDS mode (Intrusion Detection System ). As a result of the work, certain data structures will be changed, which will reduce cross-thread dependencies. The result will be an expected increase in performance in the form of savings processor time and increasing the volume of processed packets at the same time. Achieved results will be described in detail and evaluated at the end of the bachelor's thesis.
|
|
|
Detection of Harmfulness of Communication Partners and Their Networks
Kučera, Rostislav ; Homoliak, Ivan (referee) ; Očenášek, Pavel (advisor)
With the growing dependence of the population on electronic devices, the risk of data loss or misuse also increases. As the number of attacks in computer networks rises, systems for detecting malicious traffic become more important. The goal of this work is a theoretical analysis and implementation of modules for detecting malicious computer communication using machine learning methods, specifically a neural network model, and statistical analysis, which are deployed within the extended intrusion detection system Snort.
|
|
|
Accelerating Suricata with pattern-matching metadata
Tobolík, David ; Kekely, Lukáš (referee) ; Šišmiš, Lukáš (advisor)
Suricata je aplikace pro monitorování sítí, která prohledává pakety pomocí sady pravidel pro rozpoznání vzorů v síťovém provozu a v případě, že detekuje podezřelou aktivitu, vyvolá upozornění. Pro porovnávání vzorů Suricata využívá pattern-matching, což je proces náročný na výpočetní zdroje a tvoří většinu času běhu aplikace. Tato práce se zaměřuje na návrh nové komponenty, která si klade za cíl snížit množství porovnávaných vzorů v systému Suricata pomocí přibližného vyhledávání vzorů v aplikaci zvané DPDK Prefilter, která slouží k simulaci specializovaného hardware pomocí softwarové implementace. Nová komponenta přidává vyhledávací metadata k paketům, která jsou v Suricatě použita k potenciálnímu přeskočení pattern-matchingu v případě, že byl paket zkontrolován v DPDK Prefilteru a nebyly nalezeny žádné vzory. Implementace využívá DPDK pro meziprocesovou komunikaci a sdílení dat, pro pattern-matching byl použit Hyperscan. V rámci práce byly navrženy a implementovány různé typy vyhledávacích metadat a některé z nich dokázaly vylepšit výkon Suricaty díky snížení množství pattern-matchingu.
|
|
|
Machine Learning from Intrusion Detection Systems
Dostál, Michal ; Očenášek, Pavel (referee) ; Hranický, Radek (advisor)
The current state of intrusion detection tools is insufficient because they often operate based on static rules and fail to leverage the potential of artificial intelligence. The aim of this work is to enhance the open-source tool Snort with the capability to detect malicious network traffic using machine learning. To achieve a robust classifier, useful features of network traffic were choosed, extracted from the output data of the Snort application. Subsequently, these traffic features were enriched and labeled with corresponding events. Experiments demonstrate excellent results not only in classification accuracy on test data but also in processing speed. The proposed approach and the conducted experiments indicate that this new method could exhibit promising performance even when dealing with real-world data.
|
|
| |
|
|
System Log Analysis
Ščotka, Jan ; Peringer, Petr (referee) ; Smrčka, Aleš (advisor)
The goal of this master thesis is to make possible to perform system log analysis in more general way than well-known host-based instrusion detection systems (HIDS). The way how to achieve this goal is via proposed user-friendly regular expressions. This thesis deals with making regular expressions possible to use in the field of log analysis, and mainly by users unfamiliar with formal aspects of computer science.
|
|
|
Advanced methods of filtering network traffic in the Linux system
Peša, David ; Komosný, Dan (referee) ; Kacálek, Jan (advisor)
This master's thesis is meant to provide techniques in designing and building a standalone packet filtering firewall in Linux machines, mainly for small sites who don’t give much service to Internet users. It deals with attenuating the effect of the most common types of attacks using iptables. It guides how to design, implement, run, and maintain Firewall. Techniques for continuously monitoring attacks is attempted. It also give a historical, architectural and technical overview of firewalls and security attacks.
|
|
|
Methods for Network Traffic Classification
Jacko, Michal ; Ovšonka, Daniel (referee) ; Barabas, Maroš (advisor)
This paper deals with a problem of detection of network traffic anomaly and classification of network flows. Based on existing methods, paper describes proposal and implementaion of a tool, which can automatically classify network flows. The tool uses CUDA platform for network data processing and computation of network flow metrics using graphics processing unit. Processed flows are subsequently classified by proposed methods for network anomaly detection.
|
|
| |
|
|
Eluding and Evasion of IDS Systems
Černý, Marek ; Tobola, Jiří (referee) ; Žádník, Martin (advisor)
This paper analyzes network security devices called intrusion detection (ID) systems. In order to point out possible flaws, especially ID systems using signature analysis are examined. Based on this, methods to exploit possible vulnerabilities of these systems were designed. These methods were implemented into a simple program for ID systems efficiency evaluation. It can be used in a way entirely independent of particular network attack used in the test.
|
guest ::
