National Repository of Grey Literature: 27 records found (records 1 - 10)
Accelerating Suricata with pattern-matching metadata
Tobolík, David ; Kekely, Lukáš (referee) ; Šišmiš, Lukáš (advisor)
Suricata is a network monitoring application that inspects packets using a set of rules to recognize patterns in network traffic and raises an alert when it detects suspicious activity. To compare patterns, Suricata uses pattern matching, a computationally demanding process that accounts for most of the application's run time. This thesis focuses on the design of a new component that aims to reduce the number of patterns matched in Suricata by means of approximate pattern matching in an application called DPDK Prefilter, which simulates specialized hardware through a software implementation. The new component attaches pattern-matching metadata to packets, which Suricata uses to potentially skip pattern matching when the packet has been checked in DPDK Prefilter and no patterns were found. The implementation uses DPDK for inter-process communication and data sharing; Hyperscan was used for pattern matching. Various types of pattern-matching metadata were designed and implemented as part of the thesis, and some of them managed to improve Suricata's performance by reducing the amount of pattern matching.
Distributed Tool for Extraction of Information from Network Flows
Sedlák, Michal ; Grégr, Matěj (referee) ; Žádník, Martin (advisor)
This work deals with the extraction of information from flow records that are the result of network monitoring by the IPFIX system. The goal of the work is to design a tool that allows querying stored network flows created by the open-source collector IPFIXcol2. Querying is performed with the highest possible efficiency and performance in mind, which is achieved by using appropriate data structures and thread-level parallelization, as well as by using multiple machines.
Information System for Fair User Policy Management
Horčička, Jakub ; Kaštovský, Petr (referee) ; Tobola, Jiří (advisor)
This bachelor thesis presents methods for monitoring network activity with a focus on Cisco Systems NetFlow technology. The following chapters describe the implementation of an information system that uses this technology, especially for producing statistics about particular users, and allows checking of rules and data limits determined in the offered tariffs.
Web Portal for Network Traffic Reporting
Krebs, Lukáš ; Straka, Martin (referee) ; Tobola, Jiří (advisor)
The thesis deals with creating a web portal for generating statistics about network traffic. It presents the NetFlow technology, which is used in this thesis. It then describes the whole development process, from analysis, design and implementation of the system to its testing. The whole program is written in XHTML, CSS and PHP and uses a MySQL database for data storage. NfDump is used for data mining.
Monitoring Service Properties of an IPFIX Collector
Kala, Jan ; Žádník, Martin (referee) ; Wrona, Jan (advisor)
This bachelor's thesis addresses possible ways of monitoring an IPFIX collector, which is used for the collection of metadata about network traffic. The thesis briefly introduces the issues of monitoring and describes the current state of the IPFIX collector, which is being developed by an organization called CESNET. It also describes service properties that can be monitored during the process of data collection using the IPFIX protocol. A new plugin is described, which is intended for the collection and export of service properties. The thesis describes an implementation and contains the results of testing the new plugin.
Secure Transport of NetFlow and IPFIX Records
Štěpánek, Adam ; Grégr, Matěj (referee) ; Podermański, Tomáš (advisor)
This bachelor thesis deals with an IP flow based data network monitoring system. It presents the architecture of the NetFlow based monitoring, explains the basic terms, the NetFlow protocol and its alternatives. Further, weak spots of the monitoring systems are determined and a conceptual solution is proposed. This solution is implemented and described in detail. Finally, testing methods and results are discussed and the possibilities of further development and optimization are proposed.
Fast Detection of Application Protocols
Grochol, David ; Vašíček, Zdeněk (referee) ; Sekanina, Lukáš (advisor)
This master's thesis focuses on classification of application protocols based on application data taken from layer L7 of the ISO/OSI model. The aim of the thesis is to propose a classifier for the SDM (Software Defined Monitoring) system so that it can be used on links with throughput up to 100 Gb/s. At the same time, it should classify with the fewest possible errors. The designed classifier consists of two parts. The first part comprises encoders for encoding selected attributes. The second part is an evaluation circuit that detects series characteristic of particular application protocols in the output of the first part. The considered attributes and series are taken from statistical analyses of application protocol data. The classifier itself is designed so that it can be implemented in an FPGA and allows modification of the set of application protocols intended for classification. The quality of the designed classifier is tested on real network data. The classification results are compared with current methods used for classification of application protocols.
IP Flow Filtration and Profiling
Sedlák, Michal ; Tisovčík, Peter (referee) ; Kučera, Jan (advisor)
This thesis addresses the problem of filtering and profiling IP flows, primarily data of IPFIX systems. Within the work, a general filtering component is designed and implemented, which aims to be sufficiently efficient and flexible for use in other projects related to IP flows. This component is then adapted to work with data in the IPFIX protocol format and integrated into the existing modular collector IPFIXcol2 in the form of plugins adding support for filtering of passing IPFIX data and their sorting into profiles.
Implementation of open source system for network monitoring
Scripnic, Dmitrii ; Sládok, Ondřej (referee) ; Grenar, David (advisor)
The bachelor thesis deals with network monitoring. In this work, a theoretical analysis of known monitoring systems was performed and their architecture, properties and work with these systems were also described. Subsequently, a comparative characteristic of all described systems was performed. At the beginning of the practical part, the installation and configuration of all monitoring systems and their evaluation was performed. The second part deals with the Zabbix monitoring system, where more emphasis was placed on monitoring IP service delays.
Hardware Acceleration of Protocol Identification
Kobierský, Petr ; Martínek, Tomáš (referee) ; Kořenek, Jan (advisor)
Dynamic growth of computer networks encourages rapid development of network applications and services. To provide sufficient network service quality, it is important to limit some network flows based on their application protocol type. This thesis deals with the methods of network protocol identification and discusses their accuracy and suitability for multigigabit networks. Based on the analysis, a protocol identification model was created and evaluated. The model was used for the design of a hardware architecture accelerating computationally intensive operations of protocol identification. The proposed solution is able to work on 10 Gb/s networks and export protocol information using the NetFlow protocol.
