National Repository of Grey Literature: 12 records found
Data Profiling Using IPFIX Mediator
Kozubík, Michal ; Bartoš, Václav (referee) ; Kořenek, Jan (advisor)
This thesis deals with network data profiling using an IPFIX mediator. The main task is effective data filtering and configurable profile management. Profile management is still not available for the IPFIX mediator, which makes analysis of network traffic more difficult for users. Therefore this thesis deals with the design and implementation of configurable profile management as a plug-in for the IPFIX mediator. The plug-in uses a profile hierarchy with filtering rules for data sorting.
Artificial intelligence for application services classification in network communication
Jelínek, Michael ; Fujdiak, Radek (referee) ; Blažek, Petr (advisor)
The master thesis focuses on the selection of a suitable algorithm for the classification of selected network traffic services and its implementation. The theoretical part describes the available classification approaches together with commonly used algorithms and selected network services. The practical part focuses on the preparation and preprocessing of the dataset, selection and optimization of the classification algorithm and verifying the classification capabilities of the algorithm in the various scenarios of the dataset.
Extension of Behavioral Analysis of Network Traffic Focusing on Attack Detection
Teknős, Martin ; Zbořil, František (referee) ; Homoliak, Ivan (advisor)
This thesis is focused on network behavior analysis (NBA) designed to detect network attacks. The goal of the thesis is to increase the detection accuracy of obfuscated network attacks. Methods and techniques used for network attack detection and network traffic classification are presented first. Intrusion detection systems (IDS) are described next in terms of their functionality and possible attacks on them. This work also describes the principles of selected attacks against IDS. Further, obfuscation methods which can be used to overcome NBA are suggested. A tool for automatic exploitation, attack obfuscation and collection of the resulting network communication was designed and implemented. This tool was used for the execution of network attacks. A dataset for experiments was obtained from the collected network communications. Finally, the achieved results emphasized the requirement of training NBA models with obfuscated malicious network traffic.
Security analysis of network traffic using behavioral signatures
Barabas, Maroš ; Hujňák, Petr (referee) ; Zelinka, Ivan (referee) ; Hanáček, Petr (advisor)
This thesis focuses on a description of the current state of research in the detection of network attacks and subsequently on the improvement of detection capabilities for specific attacks by establishing a formal definition of network metrics. These metrics approximate the progress of a network connection and create a signature based on behavioral characteristics of the analyzed connection. The aim of this work is not the prevention of ongoing attacks or the response to these attacks. The emphasis is on the analysis of connections to maximize the information obtained, and on the definition of the basis of a detection system that can minimize the size of data collected from the network while leaving the most important information for subsequent analysis. The main goal of this work is to create the concept of a detection system that uses the defined metrics to reduce network traffic to signatures, with an emphasis on the behavioral aspects of the communication. Another goal is to increase the autonomy of the detection system by developing the expert knowledge of a honeypot system, with the condition of independence from the technological aspects of the analyzed data (e.g. encryption, protocols used, technology and environment). Defining the concept of the honeypot system's expert knowledge in the role of the teacher of classification algorithms creates autonomy of the system for the detection of unknown attacks. This concept also provides the possibility of independent learning (with no human intervention) based on the knowledge collected from attacks on these systems. The thesis describes the process of creating a laboratory environment and experiments with the defined network connection signature using collected data and a downloaded test database. The results are compared with the state of the art in network detection systems, and the benefits of the proposed approximation methods are highlighted.
Identification of Application Protocols
Wrona, Jan ; Bartoš, Václav (referee) ; Kořenek, Jan (advisor)
This thesis is focused on the identification of application protocols, with an emphasis on the speed of their recognition and the subsequent possibility of hardware implementation. Today's tools are not suitable for fast identification of application protocols in current network monitoring devices, because the decision is not provided for the first packets of a network flow. Therefore this thesis proposes a new model for fast and reliable identification of application protocols. The model was implemented and tested on the HTTP, SIP, SMTP and DNS protocols, and the results were compared to regular expressions and the nDPI and libprotoident libraries. For all these protocols, the proposed model has comparable accuracy to other methods, but also provides a fast result based on the first packets of the flow.
Detection of Dynamic Network Applications
Juránek, Michal ; Kaštil, Jan (referee) ; Tobola, Jiří (advisor)
This thesis describes methods for detecting simple voice communication in encrypted VoIP calls between two Skype clients. The elements of the network and its communication principles are described. Three approaches to classification are analyzed. The first approach performs the classification by the content of network packets using Pearson's chi-squared goodness-of-fit test, the second approach by the characteristics of network flows by means of naive Bayesian classification. The third approach describes ways of detecting signaling messages. The detector application is implemented on the basis of the chosen methods.
