|
|
System for Monitoring of Network Protocols
Selecký, Roman ; Dražil, Jan (referee) ; Kořenek, Jan (advisor)
It is necessary to monitor networks namely for diagnostics, troubleshooting, detection of anomalies and suspicious header encapsulations. This thesis aims to design and implement a system for monitoring protocol structure on 10 Gb networks, which will be able to capture packets based on the sequence of encapsulated protocols. To achieve requested throughput some tasks like packet parsing and packet filtering were accelerated in FPGA. Flexibility is achieved by using a tool that maps P4 programs, which define packet parsing process, to VHDL language. Based on the information gained from packet parsing, flow records are created and stored via IPFIX protocol. This information is displayed through a graphical user interface in the form of protocol tree, whose nodes are associated with flow records.
|
|
|
Design of Methods for Encrypted Traffic Visualization
Hlučková, Pavla ; Martinásek, Zdeněk (referee) ; Malina, Lukáš (advisor)
This thesis deals with design of methods for encrypted traffic visualization. It generally describes selected encrypted traffic protocols, whose data samples were collected later on to form a dataset. Furthermore, it focuses on the topic of IP flow monitoring and decribes the means of carrying out such monitoring. An important part of this thesis is the dataset created from the samples of mentioned protocols and the visualizations of different statistics and metadata gatherable from (extended) IP flows of these protocols. The designed methods of visualization are implemented using the Python programming language and the Jupyter Notebook technology.
|
|
|
Testing of Probes for Network Traffic Monitoring
Sobol, Jan ; Korček, Pavol (referee) ; Kořenek, Jan (advisor)
In order to ensure a secure and stable Internet, administrators need tools for network monitoring which will allow them to analyze ongoing network traffic and respond to situations in a timely manner. One way to monitor traffic is to use monitoring probes. This thesis focuses on a thorough verification of the parameters of existing probes IPFIX probe and FlexProbe. FlexProbe is a network probe designed for the implementation of lawful interceptions developed at FIT BUT in cooperation with the Police of the Czech Republic. The IPFIX probe is developed by the CESNET association and is used for flow monitoring within the FlexProbe probe. In order to be able to operate the probes in the target environment for a long time, it is necessary to thoroughly test the device. The exact behavior of the probe is defined by the specification requirements that are developed for both probes. Based on the requirements, a comprehensive test system covering functional and performance parameters of the probes was designed. The tests are unified using a test framework and included in automated scenarios implemented in system Jenkins. At the end of the thesis, the coverage of the required properties of the probes and their performance is evaluated.
|
|
|
Using NetFlow Data to Create Filtering Rules
Pločicová, Dominika ; Nagy, Peter (referee) ; Grégr, Matěj (advisor)
Cieľom práce je navrhnúť a implementovať systém, ktorý bude schopný detegovať prebiehajúci DDoS útok z dát NetFlow a vytvoriť filtračné pravidlo na jeho zastavenie. Po načítaní definície profilov danej administrátorom by sa mala skúmať sieťová prevádzka. V prípade prebiehajúceho DDoS útoku z jedného alebo viacerých definovaných profilov by sa malo vytvoriť filtračné pravidlo pre elimináciu prevádzky spadajúcej pod daný profil (prípadne profily).
|
|
|
Testing of Probes for Network Traffic Monitoring
Sobol, Jan ; Korček, Pavol (referee) ; Kořenek, Jan (advisor)
In order to ensure a secure and stable Internet, administrators need tools for network monitoring which will allow them to analyze ongoing network traffic and respond to situations in a timely manner. One way to monitor traffic is to use monitoring probes. This thesis focuses on a thorough verification of the parameters of existing probes IPFIX probe and FlexProbe. FlexProbe is a network probe designed for the implementation of lawful interceptions developed at FIT BUT in cooperation with the Police of the Czech Republic. The IPFIX probe is developed by the CESNET association and is used for flow monitoring within the FlexProbe probe. In order to be able to operate the probes in the target environment for a long time, it is necessary to thoroughly test the device. The exact behavior of the probe is defined by the specification requirements that are developed for both probes. Based on the requirements, a comprehensive test system covering functional and performance parameters of the probes was designed. The tests are unified using a test framework and included in automated scenarios implemented in system Jenkins. At the end of the thesis, the coverage of the required properties of the probes and their performance is evaluated.
|
|
|
Design of Methods for Encrypted Traffic Visualization
Hlučková, Pavla ; Martinásek, Zdeněk (referee) ; Malina, Lukáš (advisor)
This thesis deals with design of methods for encrypted traffic visualization. It generally describes selected encrypted traffic protocols, whose data samples were collected later on to form a dataset. Furthermore, it focuses on the topic of IP flow monitoring and decribes the means of carrying out such monitoring. An important part of this thesis is the dataset created from the samples of mentioned protocols and the visualizations of different statistics and metadata gatherable from (extended) IP flows of these protocols. The designed methods of visualization are implemented using the Python programming language and the Jupyter Notebook technology.
|
|
|
System for Monitoring of Network Protocols
Selecký, Roman ; Dražil, Jan (referee) ; Kořenek, Jan (advisor)
It is necessary to monitor networks namely for diagnostics, troubleshooting, detection of anomalies and suspicious header encapsulations. This thesis aims to design and implement a system for monitoring protocol structure on 10 Gb networks, which will be able to capture packets based on the sequence of encapsulated protocols. To achieve requested throughput some tasks like packet parsing and packet filtering were accelerated in FPGA. Flexibility is achieved by using a tool that maps P4 programs, which define packet parsing process, to VHDL language. Based on the information gained from packet parsing, flow records are created and stored via IPFIX protocol. This information is displayed through a graphical user interface in the form of protocol tree, whose nodes are associated with flow records.
|
guest ::
