National Repository of Grey Literature: 23 records found (records 14 - 23)
Testing of Probes for Network Traffic Monitoring
Sobol, Jan ; Korček, Pavol (referee) ; Kořenek, Jan (advisor)
In order to ensure a secure and stable Internet, administrators need network monitoring tools that allow them to analyze ongoing network traffic and respond to situations in a timely manner. One way to monitor traffic is to use monitoring probes. This thesis focuses on a thorough verification of the parameters of two existing probes, the IPFIX probe and FlexProbe. FlexProbe is a network probe designed for the implementation of lawful interceptions, developed at FIT BUT in cooperation with the Police of the Czech Republic. The IPFIX probe is developed by the CESNET association and is used for flow monitoring within the FlexProbe probe. To be able to operate the probes in the target environment for a long time, it is necessary to test the devices thoroughly. The exact behavior of each probe is defined by the specification requirements developed for both probes. Based on these requirements, a comprehensive test system covering the functional and performance parameters of the probes was designed. The tests are unified using a test framework and included in automated scenarios implemented in the Jenkins system. At the end of the thesis, the coverage of the required properties of the probes and their performance is evaluated.
Evolutionary Design of Hash Functions Using Grammatical Evolution
Freiberg, Adam ; Bidlo, Michal (referee) ; Sekanina, Lukáš (advisor)
Grammatical evolution allows us to automate creating solutions to various problems in arbitrary programming languages. This thesis takes advantage of this method to experimentally generate new hash functions focused specifically on network flow hashing. Subsequently, these newly generated functions are compared with existing state-of-the-art hash functions, created by experts in the field.
Traffic Analysis of Network Protocols Kerberos, NTLM, and SAML 2.0
Krůl, Michal ; Orsák, Michal (referee) ; Tisovčík, Peter (advisor)
This thesis addresses the analysis and detection of attacks carried out on authentication protocols in network environments such as those used in big corporations. The problem is examined from the perspective of NetFlow analysis. The main content of the thesis is a simulation of attacks targeting network architectures where authentication is provided by the mentioned protocols, and an effort to detect these attacks through NetFlow monitoring. The outcome of the thesis is a proposal for how to automatically detect attacks carried out in such network structures, and a plugin for the exporter of the Flowmon probe, a product of the Flowmon Networks company, which extracts the information needed to perform the detection.
Adaptive Sampling of Input Packets Implemented in FlowMon Probe
Kaštovský, Petr ; Martínek, Tomáš (referee) ; Kořenek, Jan (advisor)
A FlowMon probe used for passive network measurements is being developed in the Liberouter project. The probe has better stability and accuracy than software-based solutions, even under heavy load or network attack. To guarantee the precision of the results, data reduction is needed to prevent overload of the measuring system. There are a few kinds of data reduction. The method used in the FlowMon probe is called sampling. The adaptive sampling unit sets the sampling rate (the rate of processed and discarded packets) according to the current state of the measured network.
Zero Copy Packet Processing
Plotěný, Ondřej ; Podermański, Tomáš (referee) ; Grégr, Matěj (advisor)
The aim of this master's thesis is the design and implementation of a network probe for flow monitoring on a 10GbE interface. The text gives an overview of the GNU/Linux tools used in high-speed networks and the principles of their operation. It then presents the design and implementation of a probe that uses a zero-copy mechanism to monitor traffic on a 10GbE interface. The application uses the eXpress Data Path (XDP) and its AF_XDP socket to capture traffic on the interface. The NETX platform used at FIT BUT was chosen as the test platform.
Application Data Extraction from Network Protocols
Januš, Filip ; Jeřábek, Kamil (referee) ; Holkovič, Martin (advisor)
This thesis focuses on the design and implementation of a tool for extracting data from captured network communication. The theoretical part deals with particular network protocols and their behavior, defines keywords, and introduces the tools used. The second part focuses on the design and implementation of the extraction tool and the design of a declarative language for describing protocols. The extractor includes third-party tools for analyzing particular packets and reconstructing network flows. These tools, together with the designed declarative language, are used because of the requirement that the tool be easy to extend. The end of the thesis is dedicated to functional and performance testing of the implemented tool.
On possible approaches to detecting robotic activity of botnets
Prajer, Richard ; Palovský, Radomír (advisor) ; Pavlíček, Luboš (referee)
This thesis explores possible approaches to detecting robotic activity of botnets on a network. Initially, detection based on full packet analysis, with regard to DNS, HTTP and IRC communication, is described. However, this detection is found to be inapplicable for technical and ethical reasons. The thesis then focuses on analysis based on network flow metadata, compiling the metadata into a form that can be processed by machine learning. It creates detection models using different machine learning methods in order to compare them with each other. The Bayes net method is found to be acceptable for detecting robotic activity of botnets. The Bayesian model is only able to identify a botnet that already executes the commands sent by its C&C server. "Sleeping" botnets are not reliably detectable by this model.
Fast Generator of Network Flows
Budiský, Jakub ; Dvořák, Milan (referee) ; Matoušek, Jiří (advisor)
This master's thesis deals with the analysis of existing solutions for generating network traffic intended for testing network components. It focuses on generators operating at the level of IP network flows and covers the design and implementation of a generator, called FLOR, capable of creating synthetic network traffic at speeds of up to several tens of gigabits per second. It uses a random process to schedule flows. The resulting application is tested and compared with existing tools. Finally, further improvements and optimizations are proposed.
Memory Reduction of Stateful Network Traffic Processing
Hlaváček, Martin ; Puš, Viktor (referee) ; Kořenek, Jan (advisor)
This master's thesis deals with the problem of memory reduction in stateful network traffic processing. Its goal is to explore new possibilities for memory reduction during network processing. As an introduction, the thesis provides the motivation and reasons for searching for a new method of memory reduction. The following part contains theoretical analyses of NetFlow technology and of two basic methods which can in principle reduce the memory demands of stateful processing. Next, the design and implementation of a solution that applies these two methods to the NetFlow architecture are described. The final part of the work summarizes the main properties of this solution when working with real data.
BigData Approach to Management of Large Netflow Datasets
Melkes, Miloslav ; Ráb, Jaroslav (referee) ; Ryšavý, Ondřej (advisor)
This master's thesis focuses on distributed processing of big data from network communication. It begins by exploring network communication based on the TCP/IP model, with a focus on the data units on each layer that need to be processed during analysis. For the actual processing of big data, it describes the MapReduce programming model, the architecture of Apache Hadoop technology and its usage for processing network flows on a computer cluster. The second part of the thesis deals with the design and subsequent implementation of an application for processing network flows from network communication. This part discusses the main and problematic parts of the actual implementation. The thesis ends with a comparison with available applications for network analysis and an evaluation of a set of tests which confirmed linear growth of acceleration.
