|
|
Fast Processing of Application-Layer Protocols
Bárta, Stanislav ; Martínek, Tomáš (referee) ; Polčák, Libor (advisor)
This master's thesis describes the design and implementation of system for processing application protocols in high-speed networks using the concept of Software Defined Monitoring. The proposed solution benefits from hardware accelerated network card performing pre-processing of network traffic based on the feedback from monitoring applications. The proposed system performs pre-processing and filtering of network traffic which is handed afterwards passed to application modules. Application modules process application protocols and generate metadata that describe network traffic. Pre-processing consists of parsing of network protocols up to the transport layer, TCP reassembling and forwarding packet flow only to modules that are looking for a given network traffic. The proposed system closely links intercept related information internal interception function (IRI-IIF) and content of communication internal interception function (CC-IIF) to minimize the performing of duplicate operations and increase the efficiency of the system.
|
|
|
Accelerated Detection of Network Security Threats
Piecek, Adam ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
This bachelor's thesis deals with the acceleration of IDS (Intrusion Detection System) for detection of security threats in networks. The main goal of the thesis is a proposal to use the Software Defined Monitoring (SDM) concept to accelerate the activity of IDS applications with a regard to their subsequent deployment for high-speed network analysis. The proposed system is implemented and subsequently evaluated for two selected open-source applications - Snort and Suricata. Over and above the task, native support for the SZE2 interface for packet acquisition is also implemented for the Suricata system in order to achieve even faster acceleration using an accelerated network interface card. Two alternatives of the concept are further analysed and compared in the thesis. The first alternative uses the hardware-accelerated version of SDM, while the second alternative is based on full software implementation of the SDM principle. Both alternatives are then evaluated in terms of achieved results and performance parameters of the entire system before and after the acceleration.
|
|
|
Acceleration of HTTTP Traffic Analysis
Budiský, Jakub ; Martínek, Tomáš (referee) ; Kořenek, Jan (advisor)
This bachelor thesis addresses hardware accelerated analysis of HTTP, the most used protocol on the Internet. The goal is to extract substantial information from the HTTP headers and to achieve throughput needed for monitoring high-speed networks. The C language is used to create a software implementation which is then optimized for parallel environment and transformed into a hardware architecture using High Level Synthesis. Both solutions, software and hardware one, are tested on real traffic samples and their throughput is measured. Achieved results are discussed and new solution is proposed on their basis.
|
|
|
Accelerated Detection of Network Security Threats
Piecek, Adam ; Kekely, Lukáš (referee) ; Kučera, Jan (advisor)
This bachelor's thesis deals with the acceleration of IDS (Intrusion Detection System) for detection of security threats in networks. The main goal of the thesis is a proposal to use the Software Defined Monitoring (SDM) concept to accelerate the activity of IDS applications with a regard to their subsequent deployment for high-speed network analysis. The proposed system is implemented and subsequently evaluated for two selected open-source applications - Snort and Suricata. Over and above the task, native support for the SZE2 interface for packet acquisition is also implemented for the Suricata system in order to achieve even faster acceleration using an accelerated network interface card. Two alternatives of the concept are further analysed and compared in the thesis. The first alternative uses the hardware-accelerated version of SDM, while the second alternative is based on full software implementation of the SDM principle. Both alternatives are then evaluated in terms of achieved results and performance parameters of the entire system before and after the acceleration.
|
|
|
Acceleration of HTTTP Traffic Analysis
Budiský, Jakub ; Martínek, Tomáš (referee) ; Kořenek, Jan (advisor)
This bachelor thesis addresses hardware accelerated analysis of HTTP, the most used protocol on the Internet. The goal is to extract substantial information from the HTTP headers and to achieve throughput needed for monitoring high-speed networks. The C language is used to create a software implementation which is then optimized for parallel environment and transformed into a hardware architecture using High Level Synthesis. Both solutions, software and hardware one, are tested on real traffic samples and their throughput is measured. Achieved results are discussed and new solution is proposed on their basis.
|
|
|
Advanced Tools for Legal Interception on Network Probe
Vrána, Roman ; Polčák, Libor (referee) ; Bartoš, Václav (advisor)
This thesis describes design and implementation of one of the parts of lawful interception system for intercepting network traffic. Designed system will be used for processing traffic with at maximum throughput of 100 Gbps. Resulting system will use hardware acceleration with Software Defined Monitoring (SDM) features. Software itself is designed to be able to process as many netwrok frames as possible even without hardware acceleration.
|
|
|
Fast Processing of Application-Layer Protocols
Bárta, Stanislav ; Martínek, Tomáš (referee) ; Polčák, Libor (advisor)
This master's thesis describes the design and implementation of system for processing application protocols in high-speed networks using the concept of Software Defined Monitoring. The proposed solution benefits from hardware accelerated network card performing pre-processing of network traffic based on the feedback from monitoring applications. The proposed system performs pre-processing and filtering of network traffic which is handed afterwards passed to application modules. Application modules process application protocols and generate metadata that describe network traffic. Pre-processing consists of parsing of network protocols up to the transport layer, TCP reassembling and forwarding packet flow only to modules that are looking for a given network traffic. The proposed system closely links intercept related information internal interception function (IRI-IIF) and content of communication internal interception function (CC-IIF) to minimize the performing of duplicate operations and increase the efficiency of the system.
|
guest ::
