|
|
Network Attack Simulator
Filičko, Dávid ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
The thesis discusses about study of networks attacks and framework monitoring packets in the network. It proceeds especially network attacks, which can be detected without knowledge about the contents of packets. The aim of this thesis is to develop the simulator based on detected features, which will simulate these attacks. The output from the simulator will be created in the Nemea framework to improve the quality of tools of detection and prevention of given attacks. The simulator will be functioning for testing purpose only. Under no circumstances it will be possible to realize individual attacks.
|
|
|
Network Attack Generator
Buček, Hynek ; Košař, Vlastimil (referee) ; Bartoš, Václav (advisor)
This thesis is focused on the study of the best-known network attacks, especially on those that can be theoretically detected without knowledge of the contents of transmitted messages. The goal is to use the basis of acquired knowledge to create a tool that will simulate the behavior of the communication in different network attacks. Simulation outputs will be used for testing the quality of security tools designed to defend against network attacks. The simulator will be used only for offline testing, it will not be possible to carry out real attacks. Purpose of this work is to improve the security against network attacks nowadays.
|
|
|
Similarity Searching in Network Data
Hud, Jakub ; Krobot, Pavel (referee) ; Wrona, Jan (advisor)
This bachelor thesis is interested in analyzing IP flow records. IP flow record contains IP flow metadata of specific network communication such as IP addresses, port numbers, network protocol numbers and other. Main goal is to design and implement metrices to determine similarity of NetFlow records. At the beginning of this thesis is description of how to analyze great amount of data. Next there are shown network monitoring technicies and NetFlow. Other parts of this thesis are dedicated to design and implementation of data analysis using DBSCAN algorithm. Implementation of data analysis application is also part of this thesis. As a result, the application can be used to network scan detection using NetFlow data although the results are not very clear and contain a lot of legitimate communication.
|
|
|
Similarity Searching in Network Data
Hud, Jakub ; Matoušek, Denis (referee) ; Wrona, Jan (advisor)
This bachelor thesis is interested in analyzing IP flow records. IP flow record contains IP flow metadata of specific network communication such as IP addresses, port numbers, network protocol numbers and other. Main goal is to design and implement method for determination of similarity of NetFlow records. At the beginning of this thesis is description of how to analyze great amount of data. Next there are shown network monitoring technicies and NetFlow. Other parts of this thesis are dedicated to design and implementation of data analysis using DBSCAN and agglomerative hierarchical clustering algorithms. Implementation of data analysis application is also part of this thesis. As a result, the application can be used to network scan detection using NetFlow data although the results are not very clear and contain a lot of legitimate communication.
|
|
|
LAN Security Monitoring
Grégr, Matěj ; Trchalík, Roman (referee) ; Očenášek, Pavel (advisor)
This bachelor thesis deals with security in LAN networks and monitoring security and availability of selected ports. The thesis gives a brief overview of the LAN attacks, defense techniques that are used to prevent them and port scanning techniques. In the practical part of my thesis I have implemented the set of functions collected in library. These functions are ready to be used for testing of ports availability and analysis of open services. The implementation is realized in C language, Libnet and Pcap libraries and bash scipts and the web control panel is implemented in HTML and PHP.
|
|
|
Detection and Automatic Analysis of Network Scans
Procházka, Aleš ; Kováčik, Michal (referee) ; Krobot, Pavel (advisor)
This bachelor thesis is focused on a computer network monitoring that utilizes flows. Firstly, there is a framework Nemea described, which can be used to build a complex system for network attack detection, and whose module is developed within the thesis. Secondly, port scanning is explained and different methods that can be used to scan ports are defined. The module is designed to detect horizontal scanning. The idea behind this method is to compare a unique number of destination IP addresses, which were asked for with a specific port, with a given threshold in a specific time window. Finally, in the practical part of the thesis the implementation of the module is described and results of the experiments on real data from Cesnet are presented.
|
|
|
Detection of Network Attacks Using Tshark
Dudek, Jindřich ; Ryšavý, Ondřej (referee) ; Holkovič, Martin (advisor)
This diploma thesis deals with the design and implementation of a tool for network attack detection from a captured network communication. It utilises the tshark packet analyser, the meaning of which is to convert the input file with the captured communications to the PDML format. The objective of this conversion being, increasing the flexibility of input data processing. When designing the tool, emphasis has been placed on the ability to expand it to detect new network attacks and on integrating these additions with ease. For this reason, the thesis also includes the design of a complex declarative descriptions for network attacks in the YAML serialization format. This allows us to specify the key properties of the network attacks and the conditions for their detection. The resulting tool acts as an interpreter of proposed declarative descriptions allowing it to be expanded with new types of attacks.
|
|
|
Active Response to Selected Network Attacks
Wysoglad, Jaromír ; Martínek, Tomáš (referee) ; Žádník, Martin (advisor)
The goal of this thesis is to design and implement an active response to a chosen network attack. In the thesis are mentioned a few different possible responses to network attacks. These reactions are then compared using a few different criteria and the most appropriate response is then chosen for implementation. This response is then described in detail and its implementation is proposed. In the later fazes of the thesis the reaction is implemented and tested. The chosen reaction can react to two types of attacks. The first type is a port scan. The implemented project can answer a port scan instead of the original victim. The second type is a situation, when an attacker is trying to log into an SSH server of the victim. The project can reroute these login attempts to a honeypot, which can record the used login credentials. After this, it's possible to let the attacker to successfuly login. In this sitation the honeypot will reroute the attacker to a docker container, so the attacker will think, that this is a real ssh server. The honeypot will then record attacker's every move on the container. As a part of the thesis, there is also a simple application, which allows the defender to replay the recorded attack. The defender will se exactly the same output as the attacker saw during the attack.
|
|
|
LAN Security Monitoring
Grégr, Matěj ; Trchalík, Roman (referee) ; Očenášek, Pavel (advisor)
This bachelor thesis deals with security in LAN networks and monitoring security and availability of selected ports. The thesis gives a brief overview of the LAN attacks, defense techniques that are used to prevent them and port scanning techniques. In the practical part of my thesis I have implemented the set of functions collected in library. These functions are ready to be used for testing of ports availability and analysis of open services. The implementation is realized in C language, Libnet and Pcap libraries and bash scipts and the web control panel is implemented in HTML and PHP.
|
|
|
Similarity Searching in Network Data
Hud, Jakub ; Krobot, Pavel (referee) ; Wrona, Jan (advisor)
This bachelor thesis is interested in analyzing IP flow records. IP flow record contains IP flow metadata of specific network communication such as IP addresses, port numbers, network protocol numbers and other. Main goal is to design and implement metrices to determine similarity of NetFlow records. At the beginning of this thesis is description of how to analyze great amount of data. Next there are shown network monitoring technicies and NetFlow. Other parts of this thesis are dedicated to design and implementation of data analysis using DBSCAN algorithm. Implementation of data analysis application is also part of this thesis. As a result, the application can be used to network scan detection using NetFlow data although the results are not very clear and contain a lot of legitimate communication.
|
guest ::
