|
|
Generic Reverse Compilation to Recognize Specific Behavior
Ďurfina, Lukáš ; Šaloun, Petr (referee) ; Zahradnický,, Tomáš (referee) ; Kolář, Dušan (advisor)
Práce je zaměřena na rozpoznávání specifického chování pomocí generického zpětného překladu. Generický zpětný překlad je proces, který transformuje spustitelné soubory z různých architektur a formátů objektových souborů na stejný jazyk na vysoké úrovni. Tento proces se vztahuje k nástroji Lissom Decompiler. Pro účely rozpoznání chování práce zavádí Language for Decompilation -- LfD. LfD představuje jednoduchý imperativní jazyk, který je vhodný pro srovnávaní. Konkrétní chování je dáno známým spustitelným souborem (např. malware) a rozpoznání se provádí jako najítí poměru podobnosti s jiným neznámým spustitelným souborem. Tento poměr podobnosti je vypočítán nástrojem LfDComparator, který zpracovává dva vstupy v LfD a rozhoduje o jejich podobnosti.
|
|
|
Javascript Program Obfuscation
Kuna, Matej ; Burget, Radek (referee) ; Hruška, Tomáš (advisor)
In this project I deal with basic description of source code obfuscation and size reduction techniques of programming languages. The project is primary aimed on scripting language named JavaScript and involved analysis of free obfuscation tools for this language. In the final stage I have created an application is based on theoretical scope of this project and able to obfuscate JavaScript source codes on different levels.
|
|
|
Generic Obfuscation on the Bytecode Level
Kollát, Samuel ; Křoustek, Jakub (referee) ; Ďurfina, Lukáš (advisor)
This work contains definition of obfuscation and methods of obfuscation. It is followed by description of LLVM Project and its suitability for obfuscation on the bytecode level for purpose of targeting different architectures. The core of the work is formed by detailed design of obfuscation methods aiming towards their implementation in back-end of LLVM compiler. Closing section is dedicated to verification of implemented functionality on different architectures by automated testing.
|
|
|
Extension of Behavioral Analysis of Network Traffic Focusing on Attack Detection
Teknős, Martin ; Zbořil, František (referee) ; Homoliak, Ivan (advisor)
This thesis is focused on network behavior analysis (NBA) designed to detect network attacks. The goal of the thesis is to increase detection accuracy of obfuscated network attacks. Methods and techniques used to detect network attacks and network traffic classification were presented first. Intrusion detection systems (IDS) in terms of their functionality and possible attacks on them are described next. This work also describes principles of selected attacks against IDS. Further, obfuscation methods which can be used to overcome NBA are suggested. The tool for automatic exploitation, attack obfuscation and collection of this network communication was designed and implemented. This tool was used for execution of network attacks. A dataset for experiments was obtained from collected network communications. Finally, achieved results emphasized requirement of training NBA models by obfuscated malicious network traffic.
|
|
|
Network Traffic Obfuscation for IDS Detection Avoidance
Ovšonka, Daniel ; Barabas, Maroš (referee) ; Malinka, Kamil (advisor)
This thesis deals with the principles of network traffic obfuscation, in order to avoid its detection by the Intrusion Detection System installed in the network. At the beginning of the work, reader is familiarized with the fundamental principle of the basic types of IDS and introduced into the matter of obfuscation techniques, that serve as stepping stone in order to create our own library, whose design is described in the last part of the work. The outcome of the work is represented by a library, that provides all the implemented techniques for further use. The library can be well utilized in penetration testing of the new systems or used by the attacker.
|
|
|
JavaScript Code Normalization During Detection of Vulnerabilities
Havlíček, Lukáš ; Dolejška, Daniel (referee) ; Polčák, Libor (advisor)
This thesis deals with the minification, obfuscation of JavaScript and normalization of abstract syntactic trees for browser extensions implemented in Mr. Randýsek’s thesis. The tools and techniques of both JavaScript minification and obfuscation have been studied. This information was used in the design and implementation of abstract syntactic tree normalization. The trees are used in a Chrome browser extension that detects and corrects JavaScript code. I tested the normalizations with unit and integration tests. I also tested the vulnerability detection extension, where I detected 125 vulnerabilities on 1000 websites.
|
|
|
Generic Reverse Compilation to Recognize Specific Behavior
Ďurfina, Lukáš ; Šaloun, Petr (referee) ; Zahradnický,, Tomáš (referee) ; Kolář, Dušan (advisor)
Práce je zaměřena na rozpoznávání specifického chování pomocí generického zpětného překladu. Generický zpětný překlad je proces, který transformuje spustitelné soubory z různých architektur a formátů objektových souborů na stejný jazyk na vysoké úrovni. Tento proces se vztahuje k nástroji Lissom Decompiler. Pro účely rozpoznání chování práce zavádí Language for Decompilation -- LfD. LfD představuje jednoduchý imperativní jazyk, který je vhodný pro srovnávaní. Konkrétní chování je dáno známým spustitelným souborem (např. malware) a rozpoznání se provádí jako najítí poměru podobnosti s jiným neznámým spustitelným souborem. Tento poměr podobnosti je vypočítán nástrojem LfDComparator, který zpracovává dva vstupy v LfD a rozhoduje o jejich podobnosti.
|
|
|
Generic Obfuscation on the Bytecode Level
Kollát, Samuel ; Křoustek, Jakub (referee) ; Ďurfina, Lukáš (advisor)
This work contains definition of obfuscation and methods of obfuscation. It is followed by description of LLVM Project and its suitability for obfuscation on the bytecode level for purpose of targeting different architectures. The core of the work is formed by detailed design of obfuscation methods aiming towards their implementation in back-end of LLVM compiler. Closing section is dedicated to verification of implemented functionality on different architectures by automated testing.
|
|
|
Javascript Program Obfuscation
Kuna, Matej ; Burget, Radek (referee) ; Hruška, Tomáš (advisor)
In this project I deal with basic description of source code obfuscation and size reduction techniques of programming languages. The project is primary aimed on scripting language named JavaScript and involved analysis of free obfuscation tools for this language. In the final stage I have created an application is based on theoretical scope of this project and able to obfuscate JavaScript source codes on different levels.
|
|
|
Network Traffic Obfuscation for IDS Detection Avoidance
Ovšonka, Daniel ; Barabas, Maroš (referee) ; Malinka, Kamil (advisor)
This thesis deals with the principles of network traffic obfuscation, in order to avoid its detection by the Intrusion Detection System installed in the network. At the beginning of the work, reader is familiarized with the fundamental principle of the basic types of IDS and introduced into the matter of obfuscation techniques, that serve as stepping stone in order to create our own library, whose design is described in the last part of the work. The outcome of the work is represented by a library, that provides all the implemented techniques for further use. The library can be well utilized in penetration testing of the new systems or used by the attacker.
|
guest ::
