|
|
Comparing Speed of the Modern Systems for Regular Expression Matching
Trávníček, Jan ; Kořenek, Jan (referee) ; Kaštil, Jan (advisor)
This thesis describes how to compare the speed of modern tools for regular expressions matching. To compare the speed of each tool is used set of regular expressions from the Snort - Intrusion Detection System, which are specified in the PCRE notation. These regular expressions are evaluated by difeerent tools and the results are compared with each other. In this work is also solved difeerence between mathematical and practical perspective on the term of regular expression and transfer Perl regular expressions in POSIX regular expressions.
|
|
|
Intrusion detection system for Mikrotik-based network
Zvařič, Filip ; Frolka, Jakub (referee) ; Krajsa, Ondřej (advisor)
This bachelor's thesis focuses on network attacks and ways to defend against them. It discusses the most common attacks that can be encountered and their impact on computer networks and end user. Finally, it includes steps for implementing a protection system in collaboration with the preventive software Snort and RouterOS operating system. This system's toughness is tested and results are processed.
|
|
|
Implementation of Regular Expression Grouping in MapReduce Paradigm
Šafář, Martin ; Dvořák, Milan (referee) ; Kaštil, Jan (advisor)
The greatest contribution of this thesis is design and implementation of program, that uses MapReduce paradigm and Apache Hadoop for acceleration of regular expression grouping. This paper also describes algorithms, that are used for regular expression grouping and proposes some improvements for these algorithms. Experiments carried out in this thesis show, that a cluster of 20 computers can speed up the grouping ten times.
|
|
|
Construction of Nondeterministic Finite Automata
Stanek, Timotej ; Šimek, Václav (referee) ; Kaštil, Jan (advisor)
This thesis discuss about dilemma in construction of nondeterministic finite automata from PCRE expressions with respect of their parameters with use in Intrusion Detection Systems. There is showed PCRE expressions syntax too. We discussed two different approaches to construct nondeterministic finite automata from PCRE expressions. The implementation of these two algorithms is described. We constructed finite automata with them from expressions of three Intrusion Detection Systems: SNORT, Bro IDS and L7-Filter, and finally we compared their parameters and deduced conclusions.
|
|
|
Automatic Grouping of Regular Expressions
Stanek, Timotej ; Kořenek, Jan (referee) ; Kaštil, Jan (advisor)
This project is about security of computer networks using Intrusion Detection Systems. IDS contain rules for detection expressed with regular expressions, which are for detection represented by finite-state automata. The complexity of this detection with non-deterministic and deterministic finite-state automata is explained. This complexity can be reduced with help of regular expressions grouping. Grouping algorithm and approaches for speedup and improvement are introduced. One of the approches is Genetic algorithm, which can work real-time. Finally Random search algorithm for grouping of regular expressions is presented. Experiment results with these approches are shown and compared between each other.
|
|
|
Industrial control system security design
Strnad, Matěj ; Martin,, Keprt (referee) ; Sedlák, Petr (advisor)
The subject of the master's thesis is a design of security measures for securing of an industrial control system. It includes an analysis of characteristics of communication environment and specifics of industrial communication systems, a comparison of available technological means and a design of a solution according to investor's requirements.
|
|
|
Slow rate DoS attacks independent of application layer protocol
Richter, Dominik ; Münster, Petr (referee) ; Sikora, Marek (advisor)
This bachelor thesis is focused on the development of a generator of Slow DoS attacks independent of the application layer protocol and a system capable of detecting these attacks. These attacks are characterized by the use of very low bandwidth and similarities to legitimate user traffic on the network. This makes them very effective and difficult to detect. In addition, they can be applied to multiple ISO/OSI application layer protocols, such as FTP, SSH, or HTTP. Specifically, the work deals with Slowcomm, Slow Next and SlowReq attacks. In the introduction, the reader is introduced to three application layer protocols, on which the implemented attacks will be presented and tested. Next, the individual Slow DoS attacks and the procedure of their implementation in the test environment are described in more detail. Subsequently, an IDS detection system was created, which is able to detect the ongoing attack generated by the created generator. Its implementation was also described. The results show that Slow DoS attacks are able to prevent access to the target service faster and more effectively than conventional flood attacks. The detection system, on the other hand, is able to detect them.
|
|
|
Network Traffic Obfuscation for IDS Detection Avoidance
Ovšonka, Daniel ; Barabas, Maroš (referee) ; Malinka, Kamil (advisor)
This thesis deals with the principles of network traffic obfuscation, in order to avoid its detection by the Intrusion Detection System installed in the network. At the beginning of the work, reader is familiarized with the fundamental principle of the basic types of IDS and introduced into the matter of obfuscation techniques, that serve as stepping stone in order to create our own library, whose design is described in the last part of the work. The outcome of the work is represented by a library, that provides all the implemented techniques for further use. The library can be well utilized in penetration testing of the new systems or used by the attacker.
|
|
|
Analysis of Automated Generation of Signatures Using Honeypots
Bláha, Lukáš ; Barabas, Maroš (referee) ; Drozd, Michal (advisor)
In this paper, system of automatic processing of attacks using honeypots is discussed. The first goal of the thesis is to become familiar with the issue of signatures to detect malware on the network, especially the analysis and description of existing methods for automatic generation of signatures using honeypots. The main goal is to use the acquired knowledge to the design and implementation of tool which will perform the detection of new malicious software on the network or end user's workstation.
|
|
|
Detection of fake access points
Lővinger, Norbert ; Gerlich, Tomáš (referee) ; Martinásek, Zdeněk (advisor)
The risk of cyber-attacks in the local networks is constantly increasing due to the underestimation of their security. In wireless LANs, an attacker does not require physical access to the network. These types of attacks are almost impossible to spot. The typical signature of fake access point is the same configuration as the legitimate access point, which increases the effectivness of the attack. Detection systems are used to detect these cyber-attacks in local networks. Detection systems offer advanced methods for real-time analysis of captured network communication. In this bachelor thesis two open detection systems – Suricata and Kismet are analysed and compared. Custom implementation of detection system is based on functionality analysis of these two detection systems. Custom implemetation is programmed in Python at an affordable Raspberry Pi 4. The success of detecting cyber-attacks using fake access point was tested in 4 different scenarios at the experimental testbed.
|
guest ::
