National Repository of Grey Literature: 197 records found (records 1 - 10)
Detection and mitigation of DDoS attacks
Brázda, Mikuláš ; Hranický, Radek (referee) ; Žádník, Martin (advisor)
This work deals with the detection of DDoS attacks in the CESNET3 network infrastructure, utilizing NetFlow record analysis. Considering the dynamic nature of network traffic, it treats the data as an infinite stream. To store and efficiently process large volumes of data, it employs the sketch method, which allows for a compact representation of data without losing key information about the network traffic. The core of the detection mechanism is the adaptive CUSUM algorithm, which accumulates deviations from a long-term moving average. An alert is triggered when a threshold is exceeded. The module was tested on real network data with various parameter settings to demonstrate its properties. The implemented module is part of the NEMEA system.
Custom attribute export extension for NetFlow probe
Mateáš, Branislav ; Lichtner, Ondrej (referee) ; Grégr, Matěj (advisor)
This master's thesis deals with extending the NetFlow module by implementing a custom attribute export function focused on capturing deviations. The output of this thesis is a guide to extending the implementation of the ipt_netflow module with the export of a custom NetFlow attribute, together with the implementation itself, extended with the export of a packet size deviation attribute. Packet size deviation adds a new dimension to network flow data, which is especially valuable for anomaly detection and network performance monitoring.
Distributed system for suppression of DoS attacks
Beneš, Dalibor ; Žádník, Martin (referee) ; Šišmiš, Lukáš (advisor)
Protection against distributed denial-of-service (DDoS) attacks is one of the key areas of network security. One possible form of protection is the use of the DCPro DDoS Protector device developed by the CESNET association. CESNET also operates the IPFIXcol2 and NEMEA systems for monitoring and analysing network traffic, and additionally offers the option of using the sFlow network monitoring protocol. The goal of this thesis is to design and carry out the integration of these systems and thus create an effective system for suppressing denial-of-service attacks. In working toward this goal, emphasis was placed on efficient use of existing solutions, reusability, and the possibilities for future extension of the whole distributed architecture.
Platform for Automated Fingerprints Generation for Mobile Apps
Kičinka, Kristián ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
The goal of this work is to develop a platform that would enable automated TLS fingerprinting of mobile applications for the Android platform. The thesis contains information required to understand the issues of TLS fingerprinting, the available types of fingerprints and the method of creating mobile application fingerprints using TLS fingerprints, the design and implementation of the modules required to create the platform. It discusses the issues of automated application acquisition, installation and launching in order to analyze network communication and create fingerprints. It covers the storage and versioning of the created fingerprints and the experiments performed with the created platform in order to verify the functionality and usability of the platform in a real-world environment. It also includes analysis of communication of malicious and malware applications. The platform will contribute to improvements in the field of network traffic analysis, to increase the efficiency of network administrator’s work and is useful in monitoring network communication to identify individual applications on the network, in identifying malicious applications or detecting malware.
Distributed Tool for Extraction of Information from Network Flows
Sedlák, Michal ; Grégr, Matěj (referee) ; Žádník, Martin (advisor)
This work deals with the extraction of information from flow records that are the result of network monitoring by the IPFIX system. The goal of the work is to design a tool that allows querying stored network flows created by the open-source collector IPFIXcol2. Querying is performed with the highest possible efficiency and performance in mind, which is achieved by using appropriate data structures and thread-level parallelization, as well as by using multiple machines.
Information System for Fair User Policy Management
Horčička, Jakub ; Kaštovský, Petr (referee) ; Tobola, Jiří (advisor)
This bachelor thesis presents methods for monitoring network activity with a focus on Cisco Systems NetFlow technology. The following chapters describe the implementation of an information system that uses this technology, especially for producing statistics about particular users, and allows checking of rules and data limits determined in the offered tariffs.
Information System for Internet Service Provider
Straňák, Slavomír ; Ruttkay, Ladislav (referee) ; Tobola, Jiří (advisor)
This bachelor's thesis describes an information system for an internet service provider (ISP) that uses NetFlow technology for network monitoring. The thesis characterizes the whole NetFlow architecture, individual protocols, their main advantages and frequent applications. It specifies the detailed design and implementation of the information system and its basic parts. To achieve this design, XHTML, CSS, PHP and MySQL were used, which offer strong tools for building dynamic applications available on the Internet.
Design and implementation of network collector
Bošeľa, Jaroslav ; Horváth, Tomáš (referee) ; Oujezský, Václav (advisor)
This master’s thesis deals with the description of a network flow information protocol, mainly the definition of Cisco NetFlow version 9. It describes its features, message format and attributes of transmitted data. The thesis is primarily focused on the NetFlow v9 transmitted template, which defines fields and data in the consecutive data flow. The essence of the thesis consists in the implementation of a simple NetFlow v9 parser, programmed in the Python programming language, its tests on captured UDP data from a file, and port capture testing on a development server in the lab. The implementation also offers the possibility of saving captured and parsed data into a prepared database as output from capturing.
HTTP Application Performance Monitoring
Knapik, Martin ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
The goal of this bachelor thesis was to create a solution for monitoring and analysis of the network performance of an HTTP server using the Nemea framework and NetFlow data. For this purpose, I've created a Nemea module for filtering, parsing and saving NetFlow data enhanced by information gained from the HTTP plugin on the exporter. For analysis and the user interface, a webpage based on the Django framework was created, used for displaying statistics that are useful for users in order to reveal problems with monitored servers. The result of my work is a product which demonstrates the possibility of using the Nemea system for passive monitoring of HTTP servers.
Optimization of NetFlow Data Search Using nfdump
Kubovič, Martin ; Žádník, Martin (referee) ; Bartoš, Václav (advisor)
This bachelor thesis deals with optimization of NetFlow data search using the nfdump tool. The thesis describes the NetFlow protocol and the nfdump tool and proposes a solution using the Bloom filter data structure. The main goal was to optimize data storage and processing in order to be able to search the huge amounts of collected data and get results very quickly. The outcome of this thesis is an optimized tool that network administrators can use to search these data and significantly accelerate network monitoring and analysis.
