National Repository of Grey Literature: 26 records found, showing 1 - 10
Detection of slow-rate DDoS attacks
Sikora, Marek ; Frolka, Jakub (referee) ; Blažek, Petr (advisor)
This diploma thesis is focused on the detection of and protection against Slow DoS and DDoS attacks using computer network traffic analysis. The reader is introduced to the basic issues of this specific category of sophisticated attacks, and the characteristics of several specific attacks are clarified. There is also a set of methods for detecting and protecting against these attacks. The proposed methods are used to implement a custom intrusion prevention system that is deployed on the border filtering server of a computer network in order to protect Web servers against attacks from the Internet. The created system is then tested in the laboratory network. The presented results of the testing show that the system is able to detect Slow GET, Slow POST, Slow Read and Apache Range Header attacks and then protect Web servers so that the provided services are not affected.
Network Traffic Visualization
Matoušek, Martin ; Bartoš, Václav (referee) ; Kováčik, Michal (advisor)
This bachelor thesis deals with visualization of network traffic using NetFlow data. The theoretical part describes NetFlow technology, which is used for monitoring computer networks. Then I introduce the theory of graph layouts. The purpose of the thesis is to create a tool for data visualization.
Potential calculation of mutual information from a time series
Hubr, Ivo ; Smékal, Zdeněk (referee) ; Mekyska, Jiří (advisor)
Mutual information is one of the factors used in traffic analysis and in the preparation of phase space. The beginning of this work deals with information theory, focusing on the calculation of mutual information. Many algorithms are available for calculating this parameter, and they are analyzed in this final work. Two of the algorithms (Fraser-Swinney and the calculation of mutual information using adaptive XY subdivision) are applied to input data from the Rössler attractor, as shown in the output tables and graphs. The third method considered is the computational Dinh-Tuan-Pham algorithm. The main goal of this work is a comparison of the efficiency, speed and accuracy of the calculations of these algorithms.
IoT Gateways Network Communication Analysis
Zbořil, Jan ; Perešíni, Martin (referee) ; Malinka, Kamil (advisor)
Current Internet of Things gateways are most often developed by private companies. This forms the basis for proprietary software about which the manufacturers publish only little information. Therefore, to gain knowledge about how these devices behave, it is necessary to monitor their network traffic. The aim of this thesis is to examine the network communication of several commercially available gateways for home use and, based on the data obtained, to compare the individual gateways, verify the results of existing studies in this field of IT, and identify possible security shortcomings of these products. The network traffic was captured in a closed environment. The data obtained were analyzed using the Zeek and Wireshark tools. The knowledge gained assesses the state of security of IoT gateways for the home. The captured dataset is freely published for the purpose of further research.
Network Traffic Analysis Using NIFIC Device
Melo, Juraj ; Martínek, Tomáš (referee) ; Kořenek, Jan (advisor)
This bachelor's thesis describes examples of using the NIFIC device in order to suppress security risks in computer networks. NIFIC is a stateless packet filter with hardware acceleration, suitable for deployment on high-speed networks. This thesis contains examples presenting uses of this device which can improve network security in cooperation with other security systems. Some examples are extended with a description of other useful features, which provide more effective network management and monitoring.
Reputation of Malicious Traffic Sources
Bartoš, Václav ; Lhotka, Ladislav (referee) ; Vozňák, Miroslav (referee) ; Kořenek, Jan (advisor)
An important part of maintaining network security is collecting and processing information about cyber threats, both from the network operator's own detection tools and from third parties. A commonly used type of such information is lists of network entities (IP addresses, domains, URLs, etc.) which were identified as malicious. However, in many cases, the simple binary distinction between malicious and non-malicious entities is not sufficient. It is beneficial to keep other supplementary information for each entity, which describes its malicious activities, and also a summarizing score, which evaluates its reputation numerically. Such a score allows for quick comprehension of the level of threat the entity poses and makes it possible to compare and sort entities. The goal of this work is to design a method for such summarization. The resulting score, called Future Maliciousness Probability (FMP score), is a value between 0 and 1, assigned to each suspicious network entity, expressing the probability that the entity will do some kind of malicious activity in the near future. Therefore, the scoring is based on prediction of future attacks. Advanced machine learning methods are used to perform the prediction. Their input is formed by previously received alerts about security events and other relevant data related to the entity. The method of computing the score is first described in a general way, usable for any kind of entity and input data. Then a more concrete version is presented for scoring IPv4 addresses by utilizing alerts from an alert sharing system and supplementary data from a reputation database. This variant is then evaluated on a real-world dataset. In order to get a sufficient amount and quality of data for this dataset, a part of the work is also dedicated to the area of security analysis of network data. A framework for analysis of flow data, NEMEA, and several new detection methods are designed and implemented. An open reputation database, NERD, is also implemented and described in this work. Data from these systems are then used to evaluate the precision of the predictor as well as to evaluate selected use cases of the scoring method.
Automated Annotation of Network Traffic Based on System Events
Kala, Jan ; Polčák, Libor (referee) ; Žádník, Martin (advisor)
This thesis addresses the topic of network flow annotation using web traffic data. It introduces the problems of network flow monitoring, analysis and classification, as well as the HTTP and HTTPS protocols. It describes a technique for collecting data from web browsers and pairing them with traffic flows. It proposes an annotation system that is able to annotate web traffic in an automated manner. Implementation of the proposed system is also part of this thesis.
Correlation of Inbound and Outbound Traffic of Tor Network
Coufal, Zdeněk ; Veselý, Vladimír (referee) ; Polčák, Libor (advisor)
Communication in public networks based on the IP protocol is not really anonymous because it is possible to determine the source and destination IP address of each packet. Users who want to be anonymous are forced to use anonymization networks, such as Tor. In case such a user is the target of lawful interception, it presents a problem for those systems because they only see that the user communicated with the anonymization network and have a suspicion that the data stream at the output of the anonymization network belongs to the same user. The aim of this master thesis was to design a correlation method to determine the dependence of the data stream at the input and the output of the Tor network. The proposed method analyzes network traffic and compares characteristics of data streams extracted from metadata, such as time of occurrence and the size of packets. This method specializes in correlating HTTP data flows, specifically web server responses. It was tested on real data from the Tor network and successfully recognized the dependency of data flows.
Generator of Network Attack Traces
Daněk, Jakub ; Kořenek, Jan (referee) ; Bartoš, Václav (advisor)
The thesis describes the design and implementation of a Nemea system module intended for generating records about simulated network attacks. This thesis also contains a brief description of the Nemea system and several network attacks. Finally, part of this work is a description of the simulated attacks and the methods of simulation.
Security Analysis of Immersive Virtual Reality and Its Implications
Vondráček, Martin ; Ryšavý, Ondřej (referee) ; Pluskal, Jan (advisor)
Virtual reality is currently used not only for entertainment but also for work and social interaction, where privacy and confidentiality of information have high priority. Unfortunately, however, the security measures applied by software vendors are often insufficient. This thesis presents an extensive security analysis of the popular virtual reality application Bigscreen, which has more than 500,000 users. Techniques of network traffic analysis, penetration testing, reverse engineering, and even methods for application crippling were used. The research led to the discovery of critical vulnerabilities that directly violated users' privacy and allowed an attacker to take full control of a victim's computer. The security flaws found enabled the distribution of malware and the creation of a botnet by means of a computer worm spreading in virtual environments. A new cyber attack in virtual reality, named Man-in-the-Room, was created. In addition, a security flaw in the Unity engine was discovered. Responsible disclosure of the discovered flaws helped mitigate the risks for more than half a million users of the Bigscreen application and for users of all affected Unity applications worldwide.
