|
|
Design of Methods for Encrypted Traffic Visualization
Hlučková, Pavla ; Martinásek, Zdeněk (referee) ; Malina, Lukáš (advisor)
This thesis deals with design of methods for encrypted traffic visualization. It generally describes selected encrypted traffic protocols, whose data samples were collected later on to form a dataset. Furthermore, it focuses on the topic of IP flow monitoring and decribes the means of carrying out such monitoring. An important part of this thesis is the dataset created from the samples of mentioned protocols and the visualizations of different statistics and metadata gatherable from (extended) IP flows of these protocols. The designed methods of visualization are implemented using the Python programming language and the Jupyter Notebook technology.
|
|
|
Adaptive Sampling of Input Packets Implemented in FlowMon Probe
Kaštovský, Petr ; Martínek, Tomáš (referee) ; Kořenek, Jan (advisor)
There is a FlowMon probe being developed in a Libeouter project that is used for passive network measurements. The probe has better stability and accuracy than sofware based solutions even under a heavy load or network attack. To guarantee a precision of results there is a need to data reduction to prevent measuring system overload. There are few kinds of data reduction. Method used in the FlowMon probe is called sampling. Adaptive sampling unit sets the sampling rate (rate of processed and discarded packets) according to actual state of measured network.
|
|
|
Optimization of network flow monitoring
Žádník, Martin ; Lhotka,, Ladislav (referee) ; Matoušek, Radomil (referee) ; Sekanina, Lukáš (advisor)
The thesis deals with optimization of network flow monitoring. Flow-based network traffic processing, that is, processing packets based on some state information associated to the flows which the packets belong to, is a key enabler for a variety of network services and applications. The number of simultaneous flows increases with the growing number of new services and applications. It has become a challenge to keep a state per each flow in a network device processing high speed traffic. A flow table, a structure with flow states, must be stored in a memory hierarchy. The memory closest to the processing is known as a flow cache. Flow cache management plays an important role in terms of its effective utilization, which affects the performance of the whole system. This thesis focuses on an automated design of cache replacement policy optimized to a deployment on particular networks. A genetic algorithm is proposed to automate this process. The genetic algorithm generates and evaluates evolved replacement policies by a simulation on obtained traffic traces. The proposed algorithm is evaluated by designing replacement policies for two variations of the cache management problem. The first variation is an evolution of the replacement policy with an overall low number of state evictions from the flow cache. The second variation represents an evolution of the replacement policy with a low number of evictions belonging to large flows only. Optimized replacement policies for both variations are found while experimenting with various encoding of the replacement policy and genetic operators. The newly evolved replacement policies achieve better results than other tested policies. The evolved replacement policy lowers the overall amount of evictions by ten percent in comparison with the best compared policy. The evolved replacement policy focusing on large flows lowers the amount of their evictions two times. Moreover, no eviction occurs for most of the large flows (over 90%). The evolved replacement policy offers better resilience against flooding the flow cache with large amount of short flows which are typical side effects of scanning or distributed denial of service activities. An extension of the replacement policy is also proposed. The extension complements the replacement policy with an additional information extracted from packet headers. The results show further decrease in the number of evictions when the extension is used.
|
|
|
Self Test of FlowMon Probe
Kříž, Blažej ; Kaštil, Jan (referee) ; Kořenek, Jan (advisor)
This thesis deals with development of built-in self-test for FlowMon probe, device for monitoring network traffic based on IP flows. At the begining, both NetFlow technology and the FlowMon probe are described and related terms are summarized. The development itself consists of requirements specification and analysis, design of general testing technique, desing of particular tests, their implementation and solution review.
|
|
|
Design of Probe for Flow Based Monitoring
Žádník, Martin ; Martínek, Tomáš (referee) ; Kořenek, Jan (advisor)
This thesis deals with the design and implementation of a monitoring probe intended for IP flow measurements in high-speed networks. The probe is based on commodity PC and network acceleration card. The monitoring process is partitioned between these two platforms. The thesis explores ways of mapping flow monitoring algorithms to hardware or software implementations. Several improvements are suggested to increase performance and functionality of the probe. Two level memory hierarchy increases the performance whereas autoconfiguration and adaptation of control parameters contribute to its robustness. The definition of variable flow-record allows to customize monitored statistics about the network. Analysis and simulations of proposed architecture indicate that the probe is suitable for monitoring of ten gigabit networks.
|
|
|
Design of Probe for Flow Based Monitoring
Soľanka, Lukáš ; Martínek, Tomáš (referee) ; Kořenek, Jan (advisor)
This thesis deals with design and implementation of a flow based monitoring probe. The monitoring task performed by the probe is divided into hardware layer, which is capable of measurement at high packet rates, and software layer, which provides large memory for flow storage. Analysis done in the work shows that this concept offers many advantages when compared to software based flow monitoring applications. The probe is designed to be used with a hardware accelerator card and offers high flexibility and performance by a way of user defined monitoring process. The designed system has been implemented and thoroughly tested and is ready for deployment for tasks such as operational monitoring, network traffic classification, anomalies and attacks detection and many others.
|
|
|
Software Architecture for Flow Based Monitoring Probe
Špringl, Petr ; Kořenek, Jan (referee) ; Martínek, Tomáš (advisor)
This thesis deals with design and implementation of software architecture for Flexible FlowMon probe, accessories for monitoring high speed computer networks based on IP flows. The probe has been developed in project named Liberouter. There is described flow based monitoring and export formats NetFlow version 5, NetFlow version 9 and IPIFX, which are very widely used. The thesis contains description of hardware part of Flexible FlowMon probe including its requirements for software, which are the base of the whole software architecture. There is detailed description of that part of software architecture which was implemented during the work on this thesis.
|
|
|
Interactive Web Interface for IP Flow Data
Salač, Radek ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This thesis describes development of application for analyzing IP flow data. The author conducts relative comparison of already existing protocols and tools and studies theirs pro's and con's. Based on this comparison and features requested by users, author develops his own application primarly focused on interactive and user-friendly interface for working with IP flow data.
|
|
|
Memory Reduction of Stateful Network Traffic Processing
Hlaváček, Martin ; Puš, Viktor (referee) ; Kořenek, Jan (advisor)
This master thesis deals with the problems of memory reduction in the stateful network traffic processing. Its goal is to explore new possibilities of memory reduction during network processing. As an introduction this thesis provides motivation and reasons for need to search new method for the memory reduction. In the following part there are theoretical analyses of NetFlow technology and two basic methods which can in principle reduce memory demands of stateful processing. Later on, there is described the design and implementation of solution which contains the application of these two methods to NetFlow architecture. The final part of this work summarizes the main properties of this solution during interaction with real data.
|
|
|
Compression of IP Flow Records
Kaščák, Andrej ; Kajan, Michal (referee) ; Žádník, Martin (advisor)
My Master's thesis deals with the problems of flow compression in network devices. Its outcome should alleviate memory consumption of the flows and simplify the processing of network traffic. As an introduction I provide a description of protocols serving for data storage and manipulation, followed by discussion about possibilities of compression methods that are employed nowadays. In the following part there is an in-depth analysis of source data that shows the structure and composition of the data and brings up useful observations, which are later used in the testing of existing compression methods, as well as about their potential and utilization in flow compression. Later on, I venture into the field of lossy compression and basing on the test results a new approach is described, created by means of flow clustering and their subsequent lossy compression. The conclusion contains an evaluation of the possibilities of the method and the final summary of the thesis along with various suggestions for further development of the research.
|
guest ::
