|
|
Filtering of denial-of-service attacks
Klimeš, Jan ; Blažek, Petr (referee) ; Gerlich, Tomáš (advisor)
This thesis deals with filtering selected DDoS attacks on denial of the service. The the toretical part deals with the problems of general mechanisms used for DDoS attacks, defense mechanisms and mechanisms of detection and filtration. The practical part deals with the filtering of attacks using the iptables and IPS Suricata firewall on the Linux operating system in an experimental workplace using a network traffic generator to verify its functionality and performance, including the statistical processing of output data from filter tools using the Elasticsearch database.
|
|
|
Communications MikroTik and IPS
Golovkova, Nataliya ; Lieskovan, Tomáš (referee) ; Gerlich, Tomáš (advisor)
The bachelor thesis is is focused on network attack problems and possible protection against their consequencies. The theortecical part describes the attacks that are currently among the most widespread with focus on the attack of Denial of Services (DoS). The next part of the thesis deals with detection and prevention systems fornetwork traffic monitoring with emphasis on the Suricata system. The following part is about getting familiar with the Mikrotik devices that are used in the practical part of the thesis. The practical part aims to provide a solution to mitigate the DoS attack in the communication between Mikrotik router and Suricata system. The communication is solved in a script using the php programming language.
|
|
|
Detection of local area network topology
Šípek, Martin ; Gerlich, Tomáš (referee) ; Martinásek, Zdeněk (advisor)
The bachelor thesis focuses on the detection and mitigation of Man-in-the-Middle attacks in the local network using its own implementation in the Python programming language. One of the most common Man-in-the-Middle attacks is ARP spoofing, which should be identified by the detection system and then mitigate it. The theoretical part of the thesis analyzes the current state of the issue, including a detailed description of the network analysis and tools which are used in this analysis. Cyber attacks are also described, namely Man-in-the-Middle and Denial-of-Service attacks. The practical part describes the realization of the experimental workplace and its detailed components and the installation and configuration of MySQL and Elasticsearch databases. It also focuses on the Suricata program, designed to analyze network traffic, on the actual implementation of Man-in-the-Middle attack detection and on the achieved results of testing of the implemented detection system.
|
|
|
Mitigation of DDoS Attacks Using IDS/IPS
Litwora, Martin ; Tisovčík, Peter (referee) ; Kučera, Jan (advisor)
This This bachelor's thesis focuses on the detection and mitigation of DDoS attacks (Distributed Denial of Service). The main goal is to analyze and practically verify the capabilities of various IDS/IPS, especially the open-source tool Suircata, to mitigate DDoS attacks. Three main DDoS attack groups are analyzed in this thesis. These groups are flood attacks, amplification attacks, and slow attacks. A set of rules has to be created for each attack type from these groups in order for Suricata to mitigate those DDoS attacks. This thesis also implements a set of tools and scripts to check the functionality and effectiveness of the created rules. These tools are used to generate selected DDoS attacks with different parameters. Testing took place in a virtual environment where special nodes had to be created which represent real subjects during a real DDoS attack. The set of tools and scripts was designed in a way that it can easily be used outside this virtual environment where it is possible to have larger network loads, various variants and combinations of systems, and more.
|
|
|
Machine Learning from Intrusion Detection Systems
Dostál, Michal ; Očenášek, Pavel (referee) ; Hranický, Radek (advisor)
The current state of intrusion detection tools is insufficient because they often operate based on static rules and fail to leverage the potential of artificial intelligence. The aim of this work is to enhance the open-source tool Snort with the capability to detect malicious network traffic using machine learning. To achieve a robust classifier, useful features of network traffic were choosed, extracted from the output data of the Snort application. Subsequently, these traffic features were enriched and labeled with corresponding events. Experiments demonstrate excellent results not only in classification accuracy on test data but also in processing speed. The proposed approach and the conducted experiments indicate that this new method could exhibit promising performance even when dealing with real-world data.
|
|
|
Using Metadata to Optimize the Suricata IDS/IPS
Shchapaniak, Andrei ; Fukač, Tomáš (referee) ; Šišmiš, Lukáš (advisor)
Jak Internet stále roste a vyvíjí se, kybernetické útoky se stávají škodlivějšími a závažnějšími. Je tedy důležité mít účinné systémy detekce a prevence. Potřeba takových systémů se stává urgentnější, protože škody způsobené kybernetickými útoky mohou být pro jednotlivce i organizace katastrofické. Toto motivuje k vývoji vysoce výkonných systémů detekce a prevence, které jsou schopny efektivněji detekovat a bránit kybernetickým útokům. Tato bakalářská práce se konkrétně zaměřuje na jeden z těchto systémů -- Suricatu. Jedná se o IDS/IPS systém s otevřeným kódem, který je v průmyslu široce používán díky svým pokročilým schopnostem a flexibilitě. Základním cílem této práce je navrhnout, implementovat a vyhodnotit přenos metadat pro každý paket. Metadata mohou být přidána pomocí chytrých síťových karet (SmartNICs). DPDK Prefilter byl použit společně se Suricatou k simulaci specializovaného hardwaru. On dokáže simulovat přenos metadat do Suricaty. Dopad metadat a výsledky experimentálního hodnocení budou podrobně popsány na konci této bakalářské práce.
|
|
|
Suricata Module for IBM QRadar
Kozák, Martin ; Žádník, Martin (referee) ; Hranický, Radek (advisor)
This work integrates the Suricata program into the QRadar system. The main objective of this work is to design and implement a DSM module in QRadar system that can analyze the records from Suricata. The events can then be investigated in the QRadar system environment. Another objective is to design an application that displays the data detected by the Suricata program. The application can be installed in the QRadar environment and used with other built-in components. The application is programmed in the Flask library using Jinja2 templates. The application includes two tabs that display events in different graphs and table.
|
|
|
Network probe module for energy protocols analysis
Nguyen, Minh Hien ; Burda, Karel (referee) ; Blažek, Petr (advisor)
Energy protocols are already increasingly entering our daily lives. With the development of smart grids, meters and appliances, more and more customers are demanding faster and more accurate consumption readings, as well as efficient information about the status of the energy network and control over energy use. The theoretical part of this master's thesis focuses primarily on the description of energy standards and protocols (IEC 60870, IEC 61850, DLMS and DNP3). Before the design of the analyzer, the network probe was first tested for load and stress. Once the criteria were met a DLMS energy protocol analysis module was created. The output is a set of statistics and values and can be used as a basis for machine learning and artificial intelligence. Furthermore, the thesis described the possible attacks on the energy protocol and proposes suitable detection methods based on the Suricata module.
|
|
|
Network probe: Network monitoring and management tool
Bohačík, A. ; Fujdiak, R. ; Mišurec, J.
Nowadays, there are many risks associated with computer networks, some of them can be eliminated with network probes. This paper is focused on the developed BUT network probe as a tool representing a hardware protection element of the network. Furthermore, the basics of IDS and IPS systems are described, including their possible applications. The basic concept of the network probe, the description of its basic parts and the created user interface are discussed. The last part is focused on the testing of hardware components that directly affect the proper functioning. The test results showed that the BUT network probe is able to perform network traffic analysis even at its maximum load.
|
|
| |
guest ::
