|
|
Honeypot for LoRaWAN protocol
Zhukova, Viktoriia ; Pospíšil, Jan (referee) ; Pospíšil, Ondřej (advisor)
The bachelor’s thesis in the theoretical section focuses on LoRaWAN technology. It describes network communication, LoRaWAN security, vulnerabilities, and mitigation measures. The second half of the theoretical section focuses on describing honeypot technology and its distribution, listing its advantages and disadvantages, and comparing IoT honeypots. The practical section focuses on building an experimental environment. There is a description of the selected hardware and software. It describes the commissioning of the LoRaWAN network, the configuration of the gateway, and the startup of the LoRaWAN server. Next, the whole procedure of honeypot assembly is described. Two variants of high-interaction honeypot are described and investigated. One without the use of sandboxing and using a firewall, the other with the use of sandboxing and an implementation of chroot/jail.
|
|
|
Honeypot: a tool for fighting malware
Karger, David ; Lieskovan, Tomáš (referee) ; Hajný, Jan (advisor)
This bachelor thesis is focused on deploying a honeypot to fight malware. The aim was to study the issue of honeypots and their use in detection and analysis of malware. The first part is dedicated to malware, its history and individual types. The so-called botnet is described in the next part. The last part is devoted on the honeypot itself and its distribution. The practical realization is done through honeypots Cowrie and Mailoney.
|
|
|
Network Anomaly Detection Based on PCA
Krobot, Pavel ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
This thesis deals with subject of network anomaly detection. The method, which will be described in this thesis, is based on principal component analysis. Within the scope of this thesis original design of this method was studied. Another two extensions of this basic method was studied too. Basic version and last extension was implemented with one little additional extension. This one was designed in this thesis. There were series of tests made above this implementation, which provided two findings. First, it shows that principal component analysis could be used for network anomaly detection. Second, even though the proposed method seems to be functional for network anomaly detection, it is still not perfect and additional research is needed to improve this method.
|
|
|
Detection of Slow HTTP DoS Attacks
Jakubíček, Patrik ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
This thesis deals with the detection of Slowloris attack. Based on the findings a detection module for Nemea system is implemented. It analyzes flow records and performs attack detection. Tests have verified that the module can work in real deployment and detect Slowloris attack quite successfully.
|
|
|
Web Interface for Network Anomaly Detection System
Sládek, Petr ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
The goal of this work is to create a web interface for network anomaly detection system called HostStats. Its mission is to enable users to effectively work with data and statistics provided by the system. Web interface works as a plugin to NfSen as a completely independent web applications. Implementation took place in PHP using the Nette Framework, HTML5, CSS3, and JavaScript using the jQuery library.
|
|
|
Network Protection Using NetFlow Data
Czudek, Marek ; Tobola, Jiří (referee) ; Žádník, Martin (advisor)
This thesis deals with the possibility of greater security of network based on NetFlow protocol. Specifically, the detecting network scans based on predefined rules to found this anomaly in the NetFlow data. Next part is the possibility of retrospective data analysis, thereby achieving more accurate detection of attacks on the network. In this work designed application uses predetermined rules to detect the scans and then looks the flows towards the ports witch are protected by the application and than compares with detected scans. In this way, more accurate detection of attacks is achieved.
|
|
|
Honeypot for LoRaWAN protocol
Zhukova, Viktoriia ; Pospíšil, Jan (referee) ; Pospíšil, Ondřej (advisor)
The bachelor’s thesis in the theoretical section focuses on LoRaWAN technology. It describes network communication, LoRaWAN security, vulnerabilities, and mitigation measures. The second half of the theoretical section focuses on describing honeypot technology and its distribution, listing its advantages and disadvantages, and comparing IoT honeypots. The practical section focuses on building an experimental environment. There is a description of the selected hardware and software. It describes the commissioning of the LoRaWAN network, the configuration of the gateway, and the startup of the LoRaWAN server. Next, the whole procedure of honeypot assembly is described. Two variants of high-interaction honeypot are described and investigated. One without the use of sandboxing and using a firewall, the other with the use of sandboxing and an implementation of chroot/jail.
|
|
|
Detection of Slow HTTP DoS Attacks
Jakubíček, Patrik ; Kováčik, Michal (referee) ; Bartoš, Václav (advisor)
This thesis deals with the detection of Slowloris attack. Based on the findings a detection module for Nemea system is implemented. It analyzes flow records and performs attack detection. Tests have verified that the module can work in real deployment and detect Slowloris attack quite successfully.
|
|
|
Honeypot: a tool for fighting malware
Karger, David ; Lieskovan, Tomáš (referee) ; Hajný, Jan (advisor)
This bachelor thesis is focused on deploying a honeypot to fight malware. The aim was to study the issue of honeypots and their use in detection and analysis of malware. The first part is dedicated to malware, its history and individual types. The so-called botnet is described in the next part. The last part is devoted on the honeypot itself and its distribution. The practical realization is done through honeypots Cowrie and Mailoney.
|
|
|
Network Protection Using NetFlow Data
Czudek, Marek ; Tobola, Jiří (referee) ; Žádník, Martin (advisor)
This thesis deals with the possibility of greater security of network based on NetFlow protocol. Specifically, the detecting network scans based on predefined rules to found this anomaly in the NetFlow data. Next part is the possibility of retrospective data analysis, thereby achieving more accurate detection of attacks on the network. In this work designed application uses predetermined rules to detect the scans and then looks the flows towards the ports witch are protected by the application and than compares with detected scans. In this way, more accurate detection of attacks is achieved.
|
guest ::
