|
|
Identification of Network Applications from Encrypted Communications
Šafář, Radim ; Dolejška, Daniel (referee) ; Ryšavý, Ondřej (advisor)
The goal of this thesis is creation of tool that is able to detect applications from encrypted traffic using machine learning. Data source for clasification are network flows captured with tool Suricata, not the entire content of communication. Main source are TLS handshakes, which are able to be fingeprinted with fingerprints JA3 or JA4 making flows easier to identify. Thesis also addresses the issue of JA4 not being implemented in used tools. For clasification is used library ML.NET which makes the process of creating a model easier.
|
|
|
Platform for Automated Fingerprints Generation for Mobile Apps
Kičinka, Kristián ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
The goal of this work is to develop a platform that would enable automated TLS fingerprinting of mobile applications for the Android platform. The thesis contains information required to understand the issues of TLS fingerprinting, the available types of fingerprints and the method of creating mobile application fingerprints using TLS fingerprints, the design and implementation of the modules required to create the platform. It discusses the issues of automated application acquisition, installation and launching in order to analyze network communication and create fingerprints. It covers the storage and versioning of the created fingerprints and the experiments performed with the created platform in order to verify the functionality and usability of the platform in a real-world environment. It also includes analysis of communication of malicious and malware applications. The platform will contribute to improvements in the field of network traffic analysis, to increase the efficiency of network administrator’s work and is useful in monitoring network communication to identify individual applications on the network, in identifying malicious applications or detecting malware.
|
|
|
Analysis of Malicious Encrypted Network Traffic
Dubec, Branislav ; Homoliak, Ivan (referee) ; Očenášek, Pavel (advisor)
This bachelor thesis deals with the analysis of malicious encrypted network traffic using artificial intelligence methods. A solution is to create a system for detecting security intrusions using detection analysis methods. Theoretical part describes methods of anomaly detection, and explains the concept of artificial neural network. In the practical part, it experiments with various anomaly detection techniques in order to obtain the best results.
|
|
|
Identification of Mobile Applications in Encrypted Traffic
Snášel, Daniel ; Burgetová, Ivana (referee) ; Matoušek, Petr (advisor)
The work focuses on the identification of mobile applications in encrypted traffic based on TLS fingerprints. The aim of the work was to create an architecture for obtaining selected attributes from TLS connection handshake, to create TLS fingerprints and their comparison. Emphasis was placed on the accuracy of individual metrics, the quality of selected attributes and on the determination of the threshold T comparison, which was ultimately set at 75 %. A total of ten attributes were selected from the TLS connection handshake, such as IP address, Cipher Suite, Server Name Indication, the size of the first ten packets and more. Accurate, substring and index comparisons were chosen to compare individual attributes. The total similarity of the two TLS fingerprints is then calculated as the weighted sum of the matches of the individual attributes. The resulting architecture allows you to compare TLS application fingerprints from the created dataset with newly created fingerprints from encrypted communication, and thus identify the applications. It also allows manual or automatic learning of new applications from the compared file, or updating of known TLS fingerprints of applications in the dataset.
|
|
|
Fingerprinting and Identification of TLS Connections
Hejcman, Lukáš ; Kocnová, Jitka (referee) ; Kekely, Lukáš (advisor)
TLS je dnes nejpopulárnější šifrovací protokol používaný na internetu. Jeho cílem je poskytnout vysokou úroveň zabezpečení a soukromí pro komunikaci mezi zařízeními. Představuje však výzvu z hlediska monitorování a správy sítí, protože není možné analyzovat komunikaci šifrovanou pomocí tohoto protokolu ve velkém měřítku, pomocí existujících metod založených na detailní analýze obsahu paketů. Analýza šifrované komunikace může správcům pomoci detekovat škodlivou aktivitu v jejich sítích a také jim může pomoci identifikovat potenciální bezpečnostní hrozby. V této práci představuji metodu, která nám umožňuje využít výhod dvou metod otisků TLS, JA3 a Cisco Mercury, k určení operačního systému a procesů klientů v počítačové síti. Navržená metoda je schopna dosáhnout srovnatelných nebo lepších výsledků v porovnání se stávajícím přístupem Cisco Mercury pro vybrané datové sady a zároveň poskytuje možnosti pro detailnější analýzy klasifikací než JA3. V rámci práce je dále implementován modul pro systém NEMEA, který je schopný analyzovat TLS provoz pomocí nově navrženého přístupu.
|
|
|
Detection of Mobile Applications Using Traffic Profiling
Babic, Radovan ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This bachelor thesis deals with JA3 and JA3S methods of digital profiling of mobile applications based on TLS handshake between client and server. The thesis describes the used method of emulation of mobile devices using the Android operating system, installation of applications, generation and capture of traffic needed to create a database of profiles. Furthermore, the work describes the method that I implemented in the tool for automated creation of a database of digital profiles of applications and their subsequent classification and recognition using data obtained from internet traffic in the network.
|
|
|
Mobile Application Identification Based on TLS Data
Borbély, Richard ; Matoušek, Petr (referee) ; Burgetová, Ivana (advisor)
This thesis deals with identification of mobile applications based on data from network protocol TLS. It conducts a research of values from the TLS handshake, specifically of JA3, JA3S and SNI values. The work represents an application that includes an algorithm performing a classification over TLS data. The results of the classification represent information based on which we can decide, if the identification of the apps was successful. This method allowed to identify 17 of the 18 given applications. The benefit of this work is the ability to identify mobile apps based on JA3, JA3S and SNI values and for example, it can be used in network administration.
|
|
|
Identification of Mobile Applications in Encrypted Traffic
Snášel, Daniel ; Burgetová, Ivana (referee) ; Matoušek, Petr (advisor)
The work focuses on the identification of mobile applications in encrypted traffic based on TLS fingerprints. The aim of the work was to create an architecture for obtaining selected attributes from TLS connection handshake, to create TLS fingerprints and their comparison. Emphasis was placed on the accuracy of individual metrics, the quality of selected attributes and on the determination of the threshold T comparison, which was ultimately set at 75 %. A total of ten attributes were selected from the TLS connection handshake, such as IP address, Cipher Suite, Server Name Indication, the size of the first ten packets and more. Accurate, substring and index comparisons were chosen to compare individual attributes. The total similarity of the two TLS fingerprints is then calculated as the weighted sum of the matches of the individual attributes. The resulting architecture allows you to compare TLS application fingerprints from the created dataset with newly created fingerprints from encrypted communication, and thus identify the applications. It also allows manual or automatic learning of new applications from the compared file, or updating of known TLS fingerprints of applications in the dataset.
|
|
|
Analysis of Malicious Encrypted Network Traffic
Dubec, Branislav ; Homoliak, Ivan (referee) ; Očenášek, Pavel (advisor)
This bachelor thesis deals with the analysis of malicious encrypted network traffic using artificial intelligence methods. A solution is to create a system for detecting security intrusions using detection analysis methods. Theoretical part describes methods of anomaly detection, and explains the concept of artificial neural network. In the practical part, it experiments with various anomaly detection techniques in order to obtain the best results.
|
|
|
Detection of Mobile Applications Using Traffic Profiling
Babic, Radovan ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This bachelor thesis deals with JA3 and JA3S methods of digital profiling of mobile applications based on TLS handshake between client and server. The thesis describes the used method of emulation of mobile devices using the Android operating system, installation of applications, generation and capture of traffic needed to create a database of profiles. Furthermore, the work describes the method that I implemented in the tool for automated creation of a database of digital profiles of applications and their subsequent classification and recognition using data obtained from internet traffic in the network.
|
guest ::
