|
|
Distributed Processing of IP flow Data
Krobot, Pavel ; Kořenek, Jan (referee) ; Žádník, Martin (advisor)
This thesis deals with the subject of distributed processing of IP flow. Main goal is to provide an implementation of a software collector which allows storing and processing huge amount of a network data in particular. There was studied an open-source implementation of a framework for the distributed processing of large data sets called Hadoop, which is based on MapReduce paradigm. There were made some experiments with this system which provided the comparison with the current systems and shown weaknesses of this framework. Based on this knowledge there was created a specification and scheme for an extension of current software collector within this work. In terms of the created scheme there was created an implementation of query framework for formed collector, which is considered as most critical in the field of distributed processing of IP flow data. Results of experiments with created implementation show significant performance growth and ability of linear scalability with some types of queries.
|
|
|
Design and implementation of network collector
Bošeľa, Jaroslav ; Horváth, Tomáš (referee) ; Oujezský, Václav (advisor)
This master’s thesis deals with description of information protocol of network flow, mainly definition of Cisco NetFlow version 9. Describes it’s features, message format and attributes of transmitted data. The thesis is primarly focused onto NetFlow v9 transmitted template, which defines fileds and data in consecutive data flow. The essence of the thesis consists in implementation of simple NetFlow v9 parser, which has been programmed in Python prog.language, it’s tests of captured UDP data from file and port capture testing on development server in lab. There is a possibility of saving captured and parsed data into prepared database within implementation as output from capturing.
|
|
|
Flexible Network Flow Measurement
Varga, Ladislav ; Tobola, Jiří (referee) ; Žádník, Martin (advisor)
This thesis deals with designing the probe used for measuring network flows. It contains theoretical analysis of network measurment topic, description of algorithms and principles used for network flow measurement. Emphasis on the probe architecture lies on efficient indexing algorithm and flow record flexibility, such that user is able to define format of flow record.
|
|
|
System for Monitoring of Network Protocols
Selecký, Roman ; Dražil, Jan (referee) ; Kořenek, Jan (advisor)
It is necessary to monitor networks namely for diagnostics, troubleshooting, detection of anomalies and suspicious header encapsulations. This thesis aims to design and implement a system for monitoring protocol structure on 10 Gb networks, which will be able to capture packets based on the sequence of encapsulated protocols. To achieve requested throughput some tasks like packet parsing and packet filtering were accelerated in FPGA. Flexibility is achieved by using a tool that maps P4 programs, which define packet parsing process, to VHDL language. Based on the information gained from packet parsing, flow records are created and stored via IPFIX protocol. This information is displayed through a graphical user interface in the form of protocol tree, whose nodes are associated with flow records.
|
|
|
IP Flow Filter
Štoffa, Imrich ; Krobot, Pavel (referee) ; Wrona, Jan (advisor)
This thesis is focused on unification of filtering languages used by IP flow collecting program and library for their analysis. At the moment these implementations use different filtering modules and file formats. Because of this, inconsistencies in results arise and as a response to this, creation of one filtering module was proposed as part of effort to better integrate collection and analysis of IP flows using these programs. The one filtering module aims to provide one implementation and support for popular filtering language for use in the programs. Thesis contains theoretical introduction to flow monitoring in networks, describes algorithms useful for evaluation of conditions on flow records and packets. The core of authors work is design and implementation of the filtering module and its wrappers for the collector and analysis library. Results of performance tests and evaluation of features can be found in the thesis's conclusion.
|
|
|
Data Profiling Using IPFIX Mediator
Kozubík, Michal ; Bartoš, Václav (referee) ; Kořenek, Jan (advisor)
This thesis deals with the network data profiling using IPFIX mediator. The main task is effective data filtering and configurable profiles management. The profiles management is still not available for IPFIX mediator, which makes analysis of network traffic for users more difficult. Therefore this thesis deals with the design and implementation of configurable profiles management as a plug-in for IPFIX mediator. The plug-in uses profiles hierarchy with filtering rules for data sorting.
|
|
|
Detection of Cryptocurrency Miners Based on IP Flow Analysis
Šabík, Erik ; Krobot, Pavel (referee) ; Žádník, Martin (advisor)
This master’s thesis describes the general information about cryptocurrencies, what principles are used in the process of creation of new coins and why mining cryptocurrencies can be malicious. Further, it discusses what is an IP flow, and how to monitor networks by monitoring network traffic using IP flows. It describes the Nemea framework that is used to build comprehensive system for detecting malicious traffic. It explains how the network data with communications of the cryptocurrencies mining process were obtained and then provides an analysis of this data. Based on this analysis a proposal is created for methods capable of detecting mining cryptocurrencies by using IP flows records. Finally, proposed detection method was evaluated on various networks and the results are further described.
|
|
|
Compression of IP Flow Records
Kaščák, Andrej ; Kajan, Michal (referee) ; Žádník, Martin (advisor)
My Master's thesis deals with the problems of flow compression in network devices. Its outcome should alleviate memory consumption of the flows and simplify the processing of network traffic. As an introduction I provide a description of protocols serving for data storage and manipulation, followed by discussion about possibilities of compression methods that are employed nowadays. In the following part there is an in-depth analysis of source data that shows the structure and composition of the data and brings up useful observations, which are later used in the testing of existing compression methods, as well as about their potential and utilization in flow compression. Later on, I venture into the field of lossy compression and basing on the test results a new approach is described, created by means of flow clustering and their subsequent lossy compression. The conclusion contains an evaluation of the possibilities of the method and the final summary of the thesis along with various suggestions for further development of the research.
|
|
|
Module for Network Policy Monitoring in Flow Data
Piecek, Adam ; Kučera, Jan (referee) ; Wrona, Jan (advisor)
The aim of this master's thesis is to design a language through which it would be possible to monitor a stream of network flows in order to detect network policy violations in the local network. An analysis of the languages used in the data stream management systems and an analysis of tasks submitted by the potential administrator were both carried out. The analysis specified resulted in the language design which represents pipelining consisting of filtering and aggregation. These operations can be clearly defined and managed within security rules. The result of this thesis also results in the Policer modul being integrated in the NEMEA system, which is able to apply the main commands of the proposed language. Finally, the module meets the requirements of the specified tasks and may be used for further development in the area of monitoring network policies.
|
|
|
Video Quality Monitoring Using NetFlow
Havlík, Jan ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This bachelor's thesis is about creating new tools for a video transfer quality monitoring. It consists of a client-server architecture, where the client is gathering video quality statistics and passes those statistics to the server. The server updates relevant NetFlow IPFIX records with these statistics. The project includes video encoding, packet encapsulation and Internet protocols related to this topic. The architecture is written in a C language for a UNIX operating system.
|
guest ::
