|
|
Extension of the Monitoring Probe with Wi-Fi Support
Findra, Michal ; Tisovčík, Peter (referee) ; Orsák, Michal (advisor)
The purpose of this work is to study Wi-Fi networks and their security and to create an extension for network probe, which is able to catch and analyze Wi-Fi traffic developed by The Accelerated Network Technologies (ANT) research group on FIT BUT. Study of software flexprobe components are described with proposal of wireless extension. Wi-Fi standards are described with their flaws and tools to crack Wi-Fi security with ability to intercept traffic on specific network. Implementation of wireless extension with testing is described in the last part of this thesis.
|
|
|
Automatic Testing of Software
Mrázik, Matej ; Tisovčík, Peter (referee) ; Korček, Pavol (advisor)
The main goal of the bachelor thesis is to automate the testing of IQRF Gateway Daemon software. The practical output is a tool capable of testing the IQRF Gateway Daemon through an emulated virtual network of intelligent devices. In the theoretical part, the work outlines the issues of software testing to the reader. These principles are then applied in testing the IQRF GW Daemon. The reader will get acquainted with the resulting tool and its functionality, which will be able to further expand if necessary.
|
|
|
Information Fusion for Classification of Network Devices
Sedláček, Ondřej ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
This work is focused on solving information fusion when dealing with multiple data sources in computer network monitoring. A solution built on the concept of classification rules configured by experts is presented. Configuration is simplified using a designated configuration language interpreted by the solution. The classification rules enable coverage of diverse types of data. The result is given as a label from specified taxonomy. Using a taxonomy maintains the different levels of detail between the data sources, even in the output label. The solution also uses the Dempster-Schafer theory for merging labels from different sources into a single output label. Results of experiments show that information fusion in this context does increase the accuracy of device classification. A process of rule optimization was developed based on testing and experiments with a dataset from a real network. The accuracy was increased by 19 % compared to the original solution using this process.
|
|
|
Air Quality Analysis in Office and Residential Areas
Tisovčík, Peter ; Korček, Pavol (referee) ; Kořenek, Jan (advisor)
The goal of the thesis was to study the indoor air quality measurement focusing on the concentration of carbon dioxide. Within the theoretical part, data mining including basic classification methods and approaches to dimensionality reduction was introduced. In addition, the principles of the developed system within IoTCloud project and available possibilities for measurement of necessary quantities were studied. In the practical part, the suitable sensors for given rooms were selected and long-term measurement was performed. Measured data was used to create the system for window opening detection and for the design of appropriate way of air change regulation in a room. The aim of regulation was to improve air quality using natural ventilation.
|
|
|
Inference of DDoS Mitigation Rules
Jacko, Daniel ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
This thesis focuses on DDoS attacks, their types and means of their mitigation. The aim of the thesis is to design and implement an algorithm which would be able to derive rules to block DDoS attacks. For this, we chose the algorithm of machine learning, a decision tree, which starts operating as soon as the attack is detected. The algorithm operates with a sample of data detected during the attack, and with a sample of legitimate communication. A part of this thesis is also a description of a BPF format and an overview of executed experiments.
|
|
|
Analysis of DDoS Backscatter Traffic in Network Flow Data
Marušiak, Martin ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
This work focuses on detection of denial of service (DoS) attacks which utilize random spoofing of source IP address in attack packets. These types of attacks lead to generation of side effect in a form of backscatter that can be used to identify victims of such attacks. Backscatter analysis has so far been limited to unused address space ranges referred to as network telescopes. This work therefore proposes a new method of DoS attack detection via backscatter outside of network telescope environment where legitimate user traffic is also present. Furthermore proposed approach uses only abstracted traffic in a form of network flows. Presented method was implemented as part of NEMEA system and tested on real flow data capture provided by CESNET.
|
|
|
Detection of Malicious Domain Names
Setinský, Jiří ; Perešíni, Martin (referee) ; Tisovčík, Peter (advisor)
The bachelor thesis deals with the detection of artificially generated domain names (DGA). The generated addresses serve as a means of communication between the attacker and the infected computer. By detection, we can detect and track infected computers on the network. The detection itself is preceded by the study of machine learning techniques, which will then be applied in the creation of the detector. To create the final classifier in the form of a decision tree, it was necessary to analyze the principle of DGA addresses. Based on their characteristics, the attributes were extracted, according to which the final classifier will be decided. After learning the classification model on the training set, the classifier was implemented in the target platform NEMEA as a detection module. After final optimizations and testing, we achieved a accuracy of the classifier of 99%, which is a very positive result. The NEMEA module is ready for real-world deployment to detect security incidents. In addition to the NEMEA module, another model was created to predict the accuracy of datasets with domain names. The model is trained based on the characteristics of the dataset and the accuracy of the DGA detector, whose behavior we want to predict.
|
|
|
Profiling of Network Traffic for DDoS Mitigation
Ligocká, Alexandra ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
The aim of this work is to propose metrics for \gls{ddos} attacks detection and setting the thresholds of normal network traffic in a given computer network at different levels of detail. Based on the selected metrics and network flow data, a network profile is extracted and afterwards stored in memory. Within the implementation part, this work deals with the implementation of program for the collection and calculation of specified metrics, their processing, storage and provides a simple interface providing access to stored data.
|
|
|
Wi-Fi Password Cracking
Šopf, Petr ; Tisovčík, Peter (referee) ; Orsák, Michal (advisor)
This bachelor's thesis deals with the issues of Wi-Fi networks security. The first part of thesis is about security options and issues related to those options. Next part compares most used tools for Wi-Fi attacks and lists features of those tools. Best tool is then used and software for sniffing communication between access point and client is created. Sniffing tool is created in two version, one version is used for standalone devices and another one for probe developed on FIT BUT.
|
|
|
Profiling of Network Entities to Improve Situational Awareness
Bolf, René ; Tisovčík, Peter (referee) ; Žádník, Martin (advisor)
Having a good situational awareness is an important part of computer security. Knowing what is connected to the network, where it is located, and who is communicating can help make better and faster decisions when security incidents occur. This thesis is focusing on the profiling of network entities at the device level. More specifically, it focuses on the passive identification of operating systems. Every packet transferred in the network carries a specific information in its packet header that reflects the initial settings of a host's operating system. The set of these information is called the "fingerprint" of an operating system. In the thesis, there is described an implementation of a machine learning classifier using the decision tree method, which uses features from TCP and IP headers. The classifier was evaluated on a data set containing data from real network traffic and has achieved accuracy of 96 % when classifying into 9 classes of operating systems.
|
guest ::
