|
|
Detecting RTOS Runtime Anomalies
Arm, Jakub ; Jalovecký, Rudolf (referee) ; Blecha, Petr (referee) ; Bradáč, Zdeněk (advisor)
Due to higher requirements of computational power and safety, or functional safety ofequipments intended for the use in the industrial domain, embedded systems containing areal-time operating system are still the active area of research. This thesis addresses thehardware-assisted control module that is based on the runtime model-based verificationof a target application. This subsystem is intended to increase the diagnostic coverage,particularly, the detection of the execution errors. After the specification of the architecture,the formal model is defined and implemented into hardware using FPGA technology.This thesis also discuss some other aspects and embodies new approaches in the area ofembedded flow control, e.g. the integration of the design patterns. Using the simulation,the created module was tested using the created scenarios, which follow the real programexecution record. The results suggest that the error detection time is lower than usingstandard techniques, such a watchdog.
|
|
|
Detection of modern Slow DoS attacks
Jurek, Michael ; Jonák, Martin (referee) ; Sikora, Marek (advisor)
S rozvojem propojených zařízení v síti internet se počet útoků zvětšuje. Útočníci můžou zneužít takového zranitelného zařízení a vytvořit (D)DoS útok proti své oběti. Tyto útoky se stávají čím dál tím víc sofistikovanější. Proto byla vytvořena nová kategorie DoS útoků s názvem Pomalé DoS útoky, u kterých se útočník snaží napodobit chování standardního uživatele. Útočník se snaží využít všech možností, které mu transportní či aplikační protokol umožňují jako např. náhodné zahazování paketů, neodesílání nebo pozdržování zpráv. Na druhou stranu tvorba vlastních aplikačních výplní těchto protokolů může způsobit stav odepření služby na cíleném aplikačním serveru. Tato práce navrhuje klasifikaci síťových toků a volbu parametrů, které můžou pomoci s detekcí pomalých DoS útoků. Mezi vybranými pomalými DoS útoky jsou Slow Read, Slow Drop a Slow Next. Pro každý útok je popsán proces komunikace z pohledu transportní a aplikační vrstvy. Dále jsou vybrány důležité parametry popisující tyto útoky a v neposlední řadě jsou diskutovány metody a nástroje umožňující tvorbu takových útoků. Tato práce se zabývá možnostmi a nástroji tvorby spojení pro útok a diskutuje základní komunikační koncepty tvorby paralelních spojení. Dále je navržen vlastní generátor pomalých DoS útoků s velkým množstvím parametrů, pomocí nichž může útočník definovat vlastní pomalé DoS útoky. Následující část popisuje testovací prostředí pro testování generovaných útoků, scénáře a nástroje zachycování síťového provozu pro tvorbu vlastního datového souboru, jež je dále použit pro detekci pomalých DoS útoků pomocí metod strojového účení s učitelem. Konrétně jsou použity rozhodovací stromy a náhodné lesy k výběrů důležitých paramterů či sloupců použitelných pro detekci pomalých DoS útoků.
|
|
|
Behavioral Analysis of DDoS Network Attacks
Kvasnica, Ondrej ; Homoliak, Ivan (referee) ; Očenášek, Pavel (advisor)
This bachelor thesis deals with anomaly detection in computer networks using artificial intelligence method. Main focus is on the detection of DDoS attacks based on the information from the lower layers of the OSI model. The target is to design and implement a system that is capable of detecting different types of DDoS attacks and characterize common features among them. Selected attacks are SYN flood, UDP flood and ICMP flood. Description and feature selection of the attacks is included. Furthermore, a system is designed that evaluates whether the network traffic (organized into flows) is a DDoS attack or not. Attacks are detected using the XGBoost method, which uses supervised learning. The final model is validated using cross-validation and tested on attacks generated by the author.
|
|
|
Deep Neural Networks for Defect Detection
Juřica, Tomáš ; Herout, Adam (referee) ; Hradiš, Michal (advisor)
The goal of this work is to bring automatic defect detection to the manufacturing process of plastic cards. A card is considered defective when it is contaminated with a dust particle or a hair. The main challenges I am facing to accomplish this task are a very few training data samples (214 images), small area of target defects in context of an entire card (average defect area is 0.0068 \% of the card) and also very complex background the detection task is performed on. In order to accomplish the task, I decided to use Mask R-CNN detection algorithm combined with augmentation techniques such as synthetic dataset generation. I trained the model on the synthetic dataset consisting of 20 000 images. This way I was able to create a model performing 0.83 AP at 0.1 IoU on the original data test set.
|
|
|
Automatic quality control of painted metal parts production using neural networks
Ježek, Štěpán ; Kolařík, Martin (referee) ; Burget, Radim (advisor)
This thesis is focused on the problem of visual quality control during painted metal parts fabrication. The main problem of the thesis is the design of automatic quality control method based on modern artificial intelligence and computer vision techniques. Quality control is an important part of a large number of industrial production processes, in which it is necessary to ensure compliance with a number of quality requirements for manufactured products. Until now, quality control is carried out mainly by specialized staff, who are subject to a number of expertise requirements. Currently known methods of visual quality control based on artificial intelligence are characterized by high demands on the size of the training data set and low tolerance for a significant change in position and rotation of the inspected objects relative to the scanning device. As a result of these shortcomings, the use of automated visual quality control in many current industrial applications is impossible. The main contribution of this thesis is the design of a new method for quality control, which shows a strong ability to function reliably even in cases where the above mentioned phenomena of change in position, rotation of objects and lack of training data occur during manufacturing. The accuracy of the method proposed in this thesis is experimentally verified on a data set based on the issue of quality control of painted metal parts. According to the measurement results of defect detection accuracy, the proposed method outperformed other, currently known methods by 10, 25 % using the AUROC metric.
|
|
|
Network Anomaly Detection Based on PCA
Krobot, Pavel ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
This thesis deals with subject of network anomaly detection. The method, which will be described in this thesis, is based on principal component analysis. Within the scope of this thesis original design of this method was studied. Another two extensions of this basic method was studied too. Basic version and last extension was implemented with one little additional extension. This one was designed in this thesis. There were series of tests made above this implementation, which provided two findings. First, it shows that principal component analysis could be used for network anomaly detection. Second, even though the proposed method seems to be functional for network anomaly detection, it is still not perfect and additional research is needed to improve this method.
|
|
|
Network Anomaly Detection
Bartoš, Václav ; Kořenek, Jan (referee) ; Žádník, Martin (advisor)
This work studies systems and methods for anomaly detection in computer networks. At first, basic categories of network security systems and number of methods used for anomaly detection are briefly described. The core of the work is an optimization of the method based on detection of changes in distributions of packet features originally proposed by Lakhina et al. This method is described in detail and two optimizations of it are proposed -- first is focused to speed and memory efficiency, second improves its detection capabilities. Next, a software created to test these optimizations is briefly described and results of experiments on real data with artificially generated and also real anomalies are presented.
|
|
|
Anomaly Detection Based on SNMP Communication
Štěpán, Daniel ; Drga, Jozef (referee) ; Očenášek, Pavel (advisor)
The aim of this thesis was to develop a practically applicable set of methods for classification and detection of anomalies in computer network environments. I have created extensions to the network monitoring system in the form of two modules for an open source network monitoring tool based on machine learning. The created modules can learn the characteristics of normal network traffic. The first module, based on the algorithm Random Forest Classifier, detects and is able to classify several known denial-of-service attacks. The second module, based on the algorithm Local Outlier Factor, detects anomalous levels of network traffic. Attacks that the first module is able to classify are the following: TCP SYN flood, UDP flood and ICMP flood. Moreover, it was trained to detect the SSH Bruteforce attacks and the slow and fragmented Slowloris attack. While working on this thesis, I tested the device using the methods mentioned above. The experiments showed that the classification-based module is able to detect known attacks, except for the Slowloris attack, whose characteristics are not very different from normal traffic. The second module sucessfully detects higher levels of network traffic, but does not perform the classification.
|
|
|
Appropriate strategy for security incident detection in industrial networks
Kuchař, Karel ; Blažek, Petr (referee) ; Fujdiak, Radek (advisor)
This diploma thesis is focused on problematics of the industrial networks and offered security by the industrial protocols. The goal of this thesis is to create specific methods for detection of security incidents. This thesis is mainly focused on protocols Modbus/TCP and DNP3. In the theoretical part, the industrial protocols are described, there are defined vectors of attacks and is described security of each protocol. The practical part is focused on the description and simulation of security incidents. Based on the data gathered from the simulations, there are identified threats by the introduced detection methods. These methods are using for detecting the security incident an abnormality in the network traffic by created formulas or machine learning. Designed methods are implemented to IDS (Intrusion Detection System) of the system Zeek. With the designed methods, it is possible to detect selected security incidents in the destination workstation.
|
|
|
Data Mining Case Study in Python
Stoika, Anastasiia ; Burgetová, Ivana (referee) ; Zendulka, Jaroslav (advisor)
This thesis focuses on basic concepts and techniques of the process known as knowledge discovery from data. The goal is to demonstrate available resources in Python, which enable to perform the steps of this process. The thesis addresses several methods and techniques focused on detection of unusual observations, based on clustering and classification. It discusses data mining task for data with the limited amount of inspection resources. This inspection activity should be used to detect unusual transactions of sales of some company that may indicate fraud attempts by some of its salespeople.
|
guest ::
