National Repository of Grey Literature: 26 records found (records 1 - 10)
Distributed Brute Force Attacks Protection
Richter, Jan ; Čejka, Rudolf (referee) ; Lampa, Petr (advisor)
This project deals with the analysis of brute force attacks focused on breaking the authentication of common services (especially ssh) on Linux and xBSD operating systems. It also examines real attacks, current tools and ways of detecting these attacks. Finally, new mechanisms for the coordination and evaluation of distributed brute force attacks in a distributed environment are designed. These mechanisms are then implemented in a distributed system called DBFAP.
Detection of Malicious Domain Names
Setinský, Jiří ; Perešíni, Martin (referee) ; Tisovčík, Peter (advisor)
The bachelor thesis deals with the detection of artificially generated domain names (DGA). The generated addresses serve as a means of communication between the attacker and the infected computer. By detecting them, we can detect and track infected computers on the network. The detection itself is preceded by a study of machine learning techniques, which are then applied in the creation of the detector. To create the final classifier in the form of a decision tree, it was necessary to analyze the principle of DGA addresses. Based on their characteristics, attributes were extracted on which the final classifier bases its decisions. After training the classification model on the training set, the classifier was implemented in the target platform NEMEA as a detection module. After final optimizations and testing, we achieved a classifier accuracy of 99%, which is a very positive result. The NEMEA module is ready for real-world deployment to detect security incidents. In addition to the NEMEA module, another model was created to predict the accuracy of datasets with domain names. The model is trained based on the characteristics of the dataset and the accuracy of the DGA detector whose behavior we want to predict.
Malware Detection Using DNS Traffic Analysis
Daniš, Daniel ; Ovšonka, Daniel (referee) ; Kováčik, Michal (advisor)
This master thesis deals with the design and implementation of a tool for malware detection using DNS traffic analysis. The text of the thesis is divided into a theoretical and a practical part. In the theoretical part the reader is acquainted with the domain of malware and botnet detection. Subsequently, various options and methods of malware detection are described. The practical part of the thesis contains a description of the malware detection tool's architecture as well as key aspects of its implementation. Moreover, emphasis is placed on testing and experiments. The result of the thesis is a tool, written in Python, for malware detection using DNS traffic analysis that uses a combination of several detection methods.
Security System for Web Application Attacks Elimination
Vašek, Dominik ; Zobal, Lukáš (referee) ; Jeřábek, Kamil (advisor)
Nowadays, botnet attacks that aim to overwhelm the network layer by malformed packets and other means are usually mitigated by hardware intrusion detection systems. Application layer botnet attacks, on the other hand, are still a problem. In the case of web applications, these attacks contain legitimate traffic that needs to be processed. If enough bots partake in such an attack, it can lead to inaccessibility of the services provided and other problems, which in turn can lead to financial loss. In this thesis, we propose a detection and mitigation system that can detect botnet attacks in real time using a statistical approach. This system is divided into several modules that cooperate on detection and mitigation. These parts can be further expanded. During the testing phase, the system was able to capture approximately 60% of botnet attacks, which often focused on spam, login attacks and also DDoS. The number of false positive addresses is below 5%.
Malicious Domains Detection Using Analysis of DNS Traffic
Podešvová, Vlasta ; Bartoš, Václav (referee) ; Kováčik, Michal (advisor)
The aim of this bachelor's thesis is to design, implement and test a system for malicious domain detection in data sets obtained from real network traffic. It is aimed specifically at the detection of DGA botnet activities. This detection is provided by analysis of domain name syntax. Part of the solution is focused on building a model from a set of legal domain names. This model is used for domain name syntax analysis, and the user of the final system is allowed to choose their own model data. Overall, this thesis gives a view of the efficiency of the implemented methods of malicious domain detection.
Network Attack Capture Using Honeypots
Mlčoch, Tomáš ; Chmelař, Petr (referee) ; Richter, Jan (advisor)
This bachelor thesis deals with honeypot tools and adapting a Linux operating system into such a tool. The thesis presents general categories of malicious code and current trends in this area. The thesis also presents an existing honeypot tool, Honeyd, and its features. Next, tools and techniques for monitoring a Linux system are introduced, the selected virtualization technologies are compared, and the process of creating a virtual Linux honeypot is explained.
Spam Detection Using DNS MX Records
Plotěný, Ondřej ; Krobot, Pavel (referee) ; Kováčik, Michal (advisor)
The aim of this thesis is the detection of malicious spammer hosts based on passive analysis of captured DNS traffic. It presents the design and implementation of a system which performs DNS anomaly detection based on a high volume of MX queries per host and a high NXDomain ratio. The system was tested on DNS data obtained from real traffic, and the functionality of the implemented detectors was verified by testing and analysis of the results.
Antispam protection of web pages
Orsák, David ; Míča, Ivan (referee) ; Kacálek, Jan (advisor)
This thesis deals with the issue of spam, especially on web pages. The work defines the term spam, covers the history of spam, and classifies spam by the way it spreads and by type. It describes the legislation concerning spam and assesses the consequences of this issue. Spam is closely linked to botnets, which are the main sources of spam; the thesis describes how botnets work and which botnets are currently the biggest, meaning those that deliver the most spam per day. The main part of this work defines and describes different ways of protecting websites against spam, ranging from basic protection to a harder form of protection, namely CAPTCHA. The practical part of the thesis offers some CAPTCHA variants which could be reused for antispam protection of web pages.
Cryptovirology and Future of Malware
Prchal, Josef ; Říha, Zdeněk (referee) ; Cvrček, Daniel (advisor)
Malware is connected to information technology. They influence each other. The aim of this thesis is to describe various types of this software and give a brief account of its history and development. It also discusses main trends of this area and tries to foretell the future development.
Detection of Network Attack Using HTTP Analysis
Pastuszek, Jakub ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
This experimental thesis describes the HTTP communication protocol and its subsequent extensions. By monitoring network flows, information about HTTP communication can be obtained in the form of IPFIX. The detection takes place over already collected data (post mortem). These data are used to detect attacks on a web server. The data contain extended attributes, especially HTTP headers, with which such an attack can be detected. The main objective of this work is to propose solutions for detecting network attacks by analyzing HTTP headers. Afterwards, the final detection application is tested and compared with an existing solution.
