|
|
Security Monitoring of Applications in Azure
Doležal, Vojtěch ; Petr,, Svojanovský (referee) ; Ondrák, Viktor (advisor)
This thesis combines two major topics of today's IT. Security and cloud computing is something that every company is dealing with today and entire countries are aware of their importance. The thesis deals with the monitoring and security of services in Microsoft Azure secured exclusively by native services. The goal of the thesis is to find out whether native Azure security services can replace the shortcomings in the security of the applications themselves. If these services are not able to do that, it must be decided whether their usage is beneficial. The theoretical part deals with cloud computing and information security. The analytical part describes Skoda Auto and the Microsoft Azure service, including the important services it offers. The design part documents the testing and the results obtained by it. The result of the work is the finding that the deployment of monitoring and security in the cloud does not solve the problem of insufficiently secure applications. However, it can contribute to security, not only to the security of the applications themselves, but also to the security of the entire cloud environment.
|
|
|
Integration of advanced artificial intelligence methods with log management security systems
Sedláček, Jiří ; Mikulec, Marek (referee) ; Safonov, Yehor (advisor)
Cyber security is a very important aspect of everyone’s daily life. With the ever-expanding cyberspace and its growing influence on the real world, the issue of cyber security is all the more important. The theoretical part of the thesis describes the basic aspects of security monitoring. Also, the process of collecting event logs and their management is briefly described. An important means of security monitoring is the management of security information and events. Its advantages, disadvantages and possible improvements with artificial intelligence are discussed. Security orchestration, automation and response functions are also mentioned in the theoretical part. Machine learning techniques such as neural networks and deep learning are also mentioned. This section also focuses on cyber operations centres in terms of improving the efficiency of human ”manual” labour. A survey of possible machine learning techniques for this use case has been conducted, as the lack of human resources is a critical issue within security operations centres. The practical part of the thesis involves setting out a goal (text sequence classification) that could make the work considerably easier in terms of manually categorizing event logs according to their source. For this set task, security monitoring related data was collected from different log sources. In the practical part, the methods for processing this data are also described in detail. Subsequently, a suitable neural network model was selected and its technical description was performed. Finally, the final data processing and the process of training, validating and testing the model are described. Three scenarios were developed for this process, which are then described in detail in the measurement results.
|
|
|
Log Analysis Using TeskaLab Platform
Kocinec, Patrik ; Jeřábek, Kamil (referee) ; Ryšavý, Ondřej (advisor)
This work describes the usage of machine learning methods for processing logging information on LogMan.io system. The work includes a description of methods of processing logging information for the purposes of security monitoring, as well as machine learning methods and principles of data processing. Subsequently, the work focuses on the introduction of the LogMan.io system and its components. Then, an application for processing logging information is designed and implemented on LogMan.io system, which uses machine learning methods to detect malign domains. When implementing the application for model training, several methods were used focusing on the accuracy of detection.
|
|
|
Industrial control system security design
Strnad, Matěj ; Martin,, Keprt (referee) ; Sedlák, Petr (advisor)
The subject of the master's thesis is a design of security measures for securing of an industrial control system. It includes an analysis of characteristics of communication environment and specifics of industrial communication systems, a comparison of available technological means and a design of a solution according to investor's requirements.
|
|
|
Tool for mapping computer infrastructure assets and designing SIEM correlation rules for security monitoring
Hrabálek, Matěj ; Caha, Tomáš (referee) ; Safonov, Yehor (advisor)
With the growing popularity of the SOC service, which often uses SIEM tools, new challenges arise regarding the implementation of these tools into individual infrastructures that can face cyber attacks. SIEM tools can detect cyber attacks only if they are configured correctly, i.e. they collect the right logs. This bachelor’s thesis is used for the facilitation of the process of implementing SIEM into the internal infrastructure. They discuss the appropriate categorization of log sources and correlation rules, the naming of correlation rules, and a system for mapping log sources to relevant correlation rules is proposed, which facilitates the implementation of SIEM into the infrastructure. All knowledge is then implemented into a web application, which is the practical output of this bachelor’s thesis. The web application allows the user, who is going to implement a SIEM service into their own infrastructure, to enter data about the infrastructure, especially log sources that can be generated in the infrastructure, and offers suitable correlation rules, including their naming, to the respective log sources. In addition to logs, SIEM technology and correlation rules, the theoretical part also discusses general knowledge from cyber security and describes the Security Operations Center.
|
|
|
Security Monitoring of Applications in Azure
Doležal, Vojtěch ; Petr,, Svojanovský (referee) ; Ondrák, Viktor (advisor)
This thesis combines two major topics of today's IT. Security and cloud computing is something that every company is dealing with today and entire countries are aware of their importance. The thesis deals with the monitoring and security of services in Microsoft Azure secured exclusively by native services. The goal of the thesis is to find out whether native Azure security services can replace the shortcomings in the security of the applications themselves. If these services are not able to do that, it must be decided whether their usage is beneficial. The theoretical part deals with cloud computing and information security. The analytical part describes Skoda Auto and the Microsoft Azure service, including the important services it offers. The design part documents the testing and the results obtained by it. The result of the work is the finding that the deployment of monitoring and security in the cloud does not solve the problem of insufficiently secure applications. However, it can contribute to security, not only to the security of the applications themselves, but also to the security of the entire cloud environment.
|
|
|
Integration of advanced artificial intelligence methods with log management security systems
Sedláček, Jiří ; Mikulec, Marek (referee) ; Safonov, Yehor (advisor)
Cyber security is a very important aspect of everyone’s daily life. With the ever-expanding cyberspace and its growing influence on the real world, the issue of cyber security is all the more important. The theoretical part of the thesis describes the basic aspects of security monitoring. Also, the process of collecting event logs and their management is briefly described. An important means of security monitoring is the management of security information and events. Its advantages, disadvantages and possible improvements with artificial intelligence are discussed. Security orchestration, automation and response functions are also mentioned in the theoretical part. Machine learning techniques such as neural networks and deep learning are also mentioned. This section also focuses on cyber operations centres in terms of improving the efficiency of human ”manual” labour. A survey of possible machine learning techniques for this use case has been conducted, as the lack of human resources is a critical issue within security operations centres. The practical part of the thesis involves setting out a goal (text sequence classification) that could make the work considerably easier in terms of manually categorizing event logs according to their source. For this set task, security monitoring related data was collected from different log sources. In the practical part, the methods for processing this data are also described in detail. Subsequently, a suitable neural network model was selected and its technical description was performed. Finally, the final data processing and the process of training, validating and testing the model are described. Three scenarios were developed for this process, which are then described in detail in the measurement results.
|
|
|
Log Analysis Using TeskaLab Platform
Kocinec, Patrik ; Jeřábek, Kamil (referee) ; Ryšavý, Ondřej (advisor)
This work describes the usage of machine learning methods for processing logging information on LogMan.io system. The work includes a description of methods of processing logging information for the purposes of security monitoring, as well as machine learning methods and principles of data processing. Subsequently, the work focuses on the introduction of the LogMan.io system and its components. Then, an application for processing logging information is designed and implemented on LogMan.io system, which uses machine learning methods to detect malign domains. When implementing the application for model training, several methods were used focusing on the accuracy of detection.
|
|
|
Industrial control system security design
Strnad, Matěj ; Martin,, Keprt (referee) ; Sedlák, Petr (advisor)
The subject of the master's thesis is a design of security measures for securing of an industrial control system. It includes an analysis of characteristics of communication environment and specifics of industrial communication systems, a comparison of available technological means and a design of a solution according to investor's requirements.
|
guest ::
