National Repository of Grey Literature: 30 records found (records 1 - 10)
IP Flow Filter
Štoffa, Imrich ; Krobot, Pavel (referee) ; Wrona, Jan (advisor)
This thesis focuses on unifying the filtering languages used by an IP flow collecting program and a library for flow analysis. At the moment these implementations use different filtering modules and file formats. Because of this, inconsistencies in results arise, and in response the creation of a single filtering module was proposed as part of an effort to better integrate the collection and analysis of IP flows using these programs. The single filtering module aims to provide one implementation and support for a popular filtering language for use in the programs. The thesis contains a theoretical introduction to flow monitoring in networks and describes algorithms useful for evaluating conditions on flow records and packets. The core of the author's work is the design and implementation of the filtering module and its wrappers for the collector and the analysis library. Results of performance tests and an evaluation of features can be found in the thesis's conclusion.
Similarity Searching in Network Data
Hud, Jakub ; Krobot, Pavel (referee) ; Wrona, Jan (advisor)
This bachelor thesis deals with the analysis of IP flow records. An IP flow record contains metadata of a specific network communication, such as IP addresses, port numbers, network protocol numbers and others. The main goal is to design and implement metrics to determine the similarity of NetFlow records. The thesis begins with a description of how to analyze large amounts of data. Next, network monitoring techniques and NetFlow are presented. Other parts of the thesis are dedicated to the design and implementation of data analysis using the DBSCAN algorithm. The implementation of a data analysis application is also part of this thesis. As a result, the application can be used for network scan detection using NetFlow data, although the results are not very clear and contain a lot of legitimate communication.
Module for Network Policy Monitoring in Flow Data
Piecek, Adam ; Kučera, Jan (referee) ; Wrona, Jan (advisor)
The aim of this master's thesis is to design a language through which it would be possible to monitor a stream of network flows in order to detect network policy violations in the local network. An analysis of the languages used in data stream management systems and an analysis of tasks submitted by a potential administrator were both carried out. These analyses resulted in a language design that represents a pipeline consisting of filtering and aggregation. These operations can be clearly defined and managed within security rules. Another result of this thesis is the Policer module, integrated into the NEMEA system, which is able to apply the main commands of the proposed language. Finally, the module meets the requirements of the specified tasks and may be used for further development in the area of monitoring network policies.
Monitoring Service Properties of an IPFIX Collector
Kala, Jan ; Žádník, Martin (referee) ; Wrona, Jan (advisor)
This bachelor's thesis addresses possible ways of monitoring an IPFIX collector, which is used for the collection of metadata about network traffic. The thesis briefly introduces the topic of monitoring and describes the current state of the IPFIX collector, which is being developed by an organization called CESNET. It also describes service properties that can be monitored during the process of data collection using the IPFIX protocol. A new plugin is described, which is intended for the collection and export of service properties. The thesis describes its implementation and contains the results of testing the new plugin.
Conversion between Formats for Sharing of Network Security Alerts
Eis, Pavel ; Wrona, Jan (referee) ; Žádník, Martin (advisor)
There are many platforms and systems designed for sharing cyber security incidents and events, and they often use different security formats. This makes it harder, or even impossible, to share security incidents and events between organizations that use these platforms. A solution to this problem may be the creation of converters capable of converting the security formats in use into each other. This work addresses conversion between the security formats IDEA, MISP and STIX. In the process of conversion, it is important to pay attention to the conversion flow in order to prevent information loss or the assignment of an event to a different category than the one by which it was originally represented. If the conversion is accurate enough, a more precise and broader analysis of cyber security incidents can be achieved more easily.
Similarity Searching in Network Data
Hud, Jakub ; Matoušek, Denis (referee) ; Wrona, Jan (advisor)
This bachelor thesis deals with the analysis of IP flow records. An IP flow record contains metadata of a specific network communication, such as IP addresses, port numbers, network protocol numbers and others. The main goal is to design and implement a method for determining the similarity of NetFlow records. The thesis begins with a description of how to analyze large amounts of data. Next, network monitoring techniques and NetFlow are presented. Other parts of the thesis are dedicated to the design and implementation of data analysis using DBSCAN and agglomerative hierarchical clustering algorithms. The implementation of a data analysis application is also part of this thesis. As a result, the application can be used for network scan detection using NetFlow data, although the results are not very clear and contain a lot of legitimate communication.
Remote Configuration of P4 Device
Neruda, Jakub ; Kučera, Jan (referee) ; Wrona, Jan (advisor)
Administration of a large network from a central node with a vendor-independent API is quite an important issue these days. The concept of SDN was truly helpful in realizing a solution, namely in the form of the OpenFlow protocol. Nowadays, the P4 language is gaining momentum, primarily thanks to its ability to describe the whole packet processing pipeline and also thanks to P4 Runtime, a solution to distributed network configuration. The CESNET association is one of the research groups starting to support P4 in their network cards belonging to the Combo series. In this work, an API was designed for these cards, aimed at dynamic flow table configuration. This API was used to implement basic support for the Combo cards in P4 Runtime.
Mitigation of DoS Attacks Using Neural Networks
Odehnal, Tomáš ; Wrona, Jan (referee) ; Kučera, Jan (advisor)
This bachelor's thesis deals with the design and implementation of two approaches to protection against SYN Flood attacks, which are a type of DoS attack. Nowadays Denial of Service attacks are very widespread and quite simple to execute, yet they can cause big financial damage to internet or service providers. The purpose of this work is to determine that a conventional algorithmic approach and a heuristic approach using a neural network are capable of mitigating SYN Flood attacks. Both approaches were implemented according to their design. Then both implementations were tested.
Optimization of Distributed Network Flow Collector
Wrona, Jan ; Grégr, Matěj (referee) ; Žádník, Martin (advisor)
This thesis focuses on the optimization of a distributed IP flow information collector. Nowadays, the centralized collector is a frequently used solution, but it is already reaching its performance limits in large-scale and high-speed networks. The implementation of the distributed collector is in its early phase and it is necessary to look for solutions that will use it to its full potential. Therefore this thesis proposes a shared-nothing architecture without a single point of failure. Using the proposed architecture, the distributed collector is tolerant to the failure of at least one node. Distributed flow data analysis software, whose performance scales linearly with the number of nodes, is also part of this thesis.
Heuristic Methods for the Mitigation of DDoS Attacks that Abuse TCP Protocol
Goldschmidt, Patrik ; Wrona, Jan (referee) ; Kučera, Jan (advisor)
TCP SYN Flood is one of the most widespread DoS attack types used on computer networks nowadays. As a possible countermeasure, this thesis proposes a network-based mitigation method, TCP Reset Cookies. The method utilizes the TCP three-way-handshake mechanism to establish a security association with a client before forwarding its SYN data. The algorithm can effectively mitigate even more sophisticated SYN flood attacks at the cost of a 1-second delay for the first established connection. However, the method may not be suitable for all scenarios, so a decision-making algorithm to switch between different SYN Flood mitigation methods according to discovered traffic patterns was also developed. The project was conducted as a part of security research by CESNET. The discussed implementation of TCP Reset Cookies is already integrated into a DDoS protection solution deployed in CESNET's backbone network and at the Czech Internet exchange point NIX.CZ.
