National Repository of Grey Literature: 20 records found
Detection and mitigation of cyber attacks at local area networks
Racka, Jan ; Lieskovan, Tomáš (referee) ; Gerlich, Tomáš (advisor)
The bachelor thesis is focused on the detection and mitigation of flood attacks in local area networks. The thesis can be divided into two parts. In the theoretical part, flooding attacks are described first. Then, the problem of attack detection is discussed in depth, including the implemented detection methods. Subsequently, the classification of detection tools by location is discussed and examples of detection tools are given. The last theoretical section is devoted to network mapping methods and topology detection tools. In the practical part, the design of the IDS and the test network is discussed. The network consists of three end devices, namely the IDS, the victim and the attacker. A Mikrotik router is used to ensure connectivity between all the devices. The IDS has been implemented in Python and is composed of individual modules that extend its functionality. The most important module is the detection module, which contains detection methods against SYN Flood, UDP Flood, ICMP Flood attacks and one universal comprehensive method against all flood attacks. The ARP Scan module allowed the IDS to map the network and use ARP queries to detect the presence of endpoint devices in the network. The learning module made it easier to set up rules for each detection method by monitoring network traffic over a period of time. It then determines appropriate rule values from the detected data. The SSH module provided the IDS with the ability to proactively respond to attacks and disconnect the attacker from the rest of the network. ARP Scans also use the SSH module to discover information about guests. The IDS has been tested in both virtual and real environments. The results show that the developed detection methods work and the IDS can stop the attack in a reasonable time. ARP Scanning was also tested and was able to detect new guests on average in the first pass. The effect of the IDS on communication was also monitored and found to be minimal.
Effective evaluation of losses to buildings affected by flood
Tuscher, Martin ; Schneiderová-Heralová, Renáta (referee) ; Kocanda, Pavel (referee) ; Zeleňáková, Martina (referee) ; Hanák, Tomáš (advisor)
This doctoral thesis deals with the valuation of damage to buildings affected by floods. In its individual parts, it researches floods as a risk, focuses on the damage caused by this natural phenomenon and examines the methods used to assess the damages caused by floods. Since the beginnings of human settlement, the vicinity of rivers has been inhabited for the many benefits that watercourses bring. However, there are many dangers associated with this, especially the ones associated with the spillage of riverbeds – with floods. This phenomenon causes considerable damage to property, the environment or human health and lives. There are many measures to eliminate the risk of flooding, or at least mitigate its effects. This work further researches the mitigation of impacts – it examines the methods of determining the amount of damage to buildings caused by floods, looks for factors and parameters influencing the amount of damage and focuses on streamlining these methods. The aim of the thesis is to find a suitable methodology/model that can automate the calculation of the amount of damage, or in other words, to find a quick and at the same time sufficiently accurate solution to this problem. The main output of the thesis is the equation of the damage curve and a model for the amount of damage calculation based on the principle of damage curves using the hybrid genetic algorithm. Another output is a practical tool that works on the basis of the said algorithm and automatically calculates the amount of damage to the building when entering very basic information about the damaged object.
Implementation of plugins for JMeter
Švehlák, Milan ; Člupek, Vlastimil (referee) ; Martinásek, Zdeněk (advisor)
This thesis discusses the load testing tool JMeter and its opportunities for expansion by modules carrying out cyber attacks of the type Denial of Service (DoS). To begin with, there is a theoretical overview of cyber attacks of this type. The following chapter talks about the JMeter tool, namely its functions and expansion options. After that, the thesis proceeds to the actual design and realization of the modules. The module implementing the HTTP Flood attack is created first. This module uses internal functions of the program JMeter. This new module is tested. The next chapter follows the procedure of creating modules that use an external generator of network traffic. Modules SYN Flood, ICMP Flood and NTP Flood are implemented using the generator Trafgen. The module implementing the Slowloris attack uses a Python script as a generator of the attack. Finally, all the new modules are tested.
Generator of illegitimate network traffic
Blažek, Ondřej ; Smékal, David (referee) ; Blažek, Petr (advisor)
The diploma thesis deals with the problems of DoS/DDoS attacks and the development of a tool, in the C language, for generating them. In the first chapter, the principles of DoS attacks targeting the internet and transport layers of the ISO/OSI model are described and also divided according to their characteristics. Selected attacks on the application layer are also described here in detail, together with the protocols on which they are based. The following chapter presents a comparison of freely available tools which could be used as attack generators. The practical part is dedicated to the development of a tool for DoS attacks, especially its design, general description and usage. Further, there is a summary of the newly created library, including results of web server testing, and extensions of a web interface, which is part of the developed tool.
Stress tester
Lanžhotský, Karel ; Člupek, Vlastimil (referee) ; Zeman, Václav (advisor)
This bachelor thesis deals with the matter of stress testing using the open-source tool Apache JMeter and its extensions. The main output is the extension of the module which allows DoS (denial of service) attacks to be produced. At the beginning of the thesis, there are characteristics for this type of attack and what types of DoS exist, with some examples. After that, there is testing, verification of functionality and finding of errors in extension modules. At the end, the thesis is dedicated to adding features to the DDoS module and testing the capabilities of the attacks on created scenarios.
Static methods for detection DDoS attacks
Miško, Lukáš ; Dvořák, Jan (referee) ; Blažek, Petr (advisor)
This thesis contains a theoretical basis for a solution to the issue of network anomalies with the use of static methods, and it also contains software as a solution for the detection of network attacks. The main point of the thesis is the detection of DoS (Denial of Service) attacks. The thesis includes an analysis of DoS attacks rate categorization. It further includes an analysis of the protocols TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) and their possible use in SYN flood and UDP flood attacks. Three static methods are analysed and described in detail. The thesis also contains an analysis of the collected data and their comparison. At the end, the thesis contains a description and the test results of the software which is used to detect attacks in the network.
Statistical anomaly detection methods of data communication
Woidig, Eduard ; Mangová, Marie (referee) ; Slavíček, Karel (advisor)
This thesis serves as a theoretical basis for a practical solution to the issue of the use of statistical methods for detecting anomalies in data traffic. The basic focus of anomaly detection in data traffic is on data attacks. Therefore, the main focus is the analysis of data attacks. In the thesis, data attacks are sorted by the protocols that attackers exploit for their own activities. Each section describes the protocol itself, its usage and behavior. For each protocol, the attacks are described in turn, including the methodology leading to the attack and the impact on an already compromised system or station. For the most serious attacks, procedures for detection and potential defenses against them are outlined. These findings are summarized in the theoretical analysis, which should serve as a starting point for the practical part, which will be the analysis of real data traffic. The practical part is divided into several sections. The first of these describes the procedures for obtaining and preparing the samples to allow further analysis to be carried out on them. Further described are the created scripts that are used for obtaining the needed data from the recorded samples. These data were analyzed in detail, using statistical methods such as time series and descriptive statistics. Subsequently, the acquired properties and monitored behavior are verified using artificial and real attacks, with which the original clean operation is modified. A new analysis of the modified traffic is compared with the original samples, and it is evaluated whether some kind of anomaly has been detected. The results and observations are collectively summarized and evaluated in a separate chapter with a description of possible further attacks, which were not directly part of the test analysis.
Response of seedlings of selected tree species to flooding
Ryšavý, Jan
The thesis investigates the response to flooding of five species of trees occurring in floodplain forests of South Moravia. This work aimed to evaluate different lengths of the seedling flooding and examined seedling vitality and mortality. The investigated tree species were summer oak (Quercus robur L.), hornbeam elm (Ulmus minor Mill.), heart linden (Tilia cordata Mill.), hornbeam (Carpinus betulus L.) and field maple (Acer campestre L.). The flooding experiment was conducted from April to July 2022 and at different time intervals (7-14 days) the seedlings were flooded up to the root collar. Control seedlings were not flooded but only watered. 140 seedlings of each species were flooded and were gradually removed from the flood. The results show that relatively low mortality was observed for the flooded trees in all intervals. It was lowest for Quercus robur and Tilia cordata, which were characterized by high vitality in addition to low mortality. Ulmus minor was characterized by moderately vital seedlings. Acer campestre and Carpinus betulus had the highest mortality and their vitality decreased significantly towards the end of the experiment. The hypothesis of Quercus robur's resistance to flooding has been confirmed, which means the seedlings of this tree can probably cope well with flooding even in the conditions of floodplain forests. Tilia cordata also coped very well with flooding. It has probably invested in trunk thickness in response to water stress, adapted to flooding and thus gained a competitive advantage over other tree species. The thesis confirmed the assumption that Quercus robur is a resilient tree species to flooding and Tilia cordata showed higher resilience than expected.
