|
|
Integration of advanced artificial intelligence methods with log management security systems
Sedláček, Jiří ; Mikulec, Marek (referee) ; Safonov, Yehor (advisor)
Cyber security is a very important aspect of everyone’s daily life. With the ever-expanding cyberspace and its growing influence on the real world, the issue of cyber security is all the more important. The theoretical part of the thesis describes the basic aspects of security monitoring. Also, the process of collecting event logs and their management is briefly described. An important means of security monitoring is the management of security information and events. Its advantages, disadvantages and possible improvements with artificial intelligence are discussed. Security orchestration, automation and response functions are also mentioned in the theoretical part. Machine learning techniques such as neural networks and deep learning are also mentioned. This section also focuses on cyber operations centres in terms of improving the efficiency of human ”manual” labour. A survey of possible machine learning techniques for this use case has been conducted, as the lack of human resources is a critical issue within security operations centres. The practical part of the thesis involves setting out a goal (text sequence classification) that could make the work considerably easier in terms of manually categorizing event logs according to their source. For this set task, security monitoring related data was collected from different log sources. In the practical part, the methods for processing this data are also described in detail. Subsequently, a suitable neural network model was selected and its technical description was performed. Finally, the final data processing and the process of training, validating and testing the model are described. Three scenarios were developed for this process, which are then described in detail in the measurement results.
|
|
|
DNS firewall and its deployment and integration in cyber center
Doležal, Martin ; Kubánková, Anna (referee) ; Jeřábek, Jan (advisor)
This bachelor's thesis deals with the deployment, integration, and testing of a DNS firewall in a security operations center. It describes the connection of endpoints and remote local area networks to the DNS firewall located in the security operations center. Furthermore, the enforcement of the DNS firewall is described. The main goal of the thesis was to deploy and integrate a DNS firewall inside a security operations center. The first chapter describes the security operations center in general. The second chapter deals with the DNS system. The following chapter describes the security of the DNS system and security of DNS requests, the reader is informed of the term DNS firewall and RPZ and VPN technologies. The fourth chapter describes the DNS firewall deployment process and its integration in a real security operations center. The next chapter describes connection methods of endpoint and remote local area networks to the DNS firewall and its enforcement inside the security operations center. The last chapter deals with performance testing and deployed DNS firewall availability. The outcome of the thesis involves a deployed, integrated, fully-functional, and tested DNS firewall in a real-world security operations center. The Bind software package along with the RPZ technology was used to implement and deploy the DNS firewall. For testing and connection of endpoints, the VPN technology, and the RIPE Atlas network was used.
|
|
|
DNS firewall and its deployment and integration in cyber center
Doležal, Martin ; Kubánková, Anna (referee) ; Jeřábek, Jan (advisor)
This bachelor's thesis deals with the deployment, integration, and testing of a DNS firewall in a security operations center. It describes the connection of endpoints and remote local area networks to the DNS firewall located in the security operations center. Furthermore, the enforcement of the DNS firewall is described. The main goal of the thesis was to deploy and integrate a DNS firewall inside a security operations center. The first chapter describes the security operations center in general. The second chapter deals with the DNS system. The following chapter describes the security of the DNS system and security of DNS requests, the reader is informed of the term DNS firewall and RPZ and VPN technologies. The fourth chapter describes the DNS firewall deployment process and its integration in a real security operations center. The next chapter describes connection methods of endpoint and remote local area networks to the DNS firewall and its enforcement inside the security operations center. The last chapter deals with performance testing and deployed DNS firewall availability. The outcome of the thesis involves a deployed, integrated, fully-functional, and tested DNS firewall in a real-world security operations center. The Bind software package along with the RPZ technology was used to implement and deploy the DNS firewall. For testing and connection of endpoints, the VPN technology, and the RIPE Atlas network was used.
|
|
|
Integration of advanced artificial intelligence methods with log management security systems
Sedláček, Jiří ; Mikulec, Marek (referee) ; Safonov, Yehor (advisor)
Cyber security is a very important aspect of everyone’s daily life. With the ever-expanding cyberspace and its growing influence on the real world, the issue of cyber security is all the more important. The theoretical part of the thesis describes the basic aspects of security monitoring. Also, the process of collecting event logs and their management is briefly described. An important means of security monitoring is the management of security information and events. Its advantages, disadvantages and possible improvements with artificial intelligence are discussed. Security orchestration, automation and response functions are also mentioned in the theoretical part. Machine learning techniques such as neural networks and deep learning are also mentioned. This section also focuses on cyber operations centres in terms of improving the efficiency of human ”manual” labour. A survey of possible machine learning techniques for this use case has been conducted, as the lack of human resources is a critical issue within security operations centres. The practical part of the thesis involves setting out a goal (text sequence classification) that could make the work considerably easier in terms of manually categorizing event logs according to their source. For this set task, security monitoring related data was collected from different log sources. In the practical part, the methods for processing this data are also described in detail. Subsequently, a suitable neural network model was selected and its technical description was performed. Finally, the final data processing and the process of training, validating and testing the model are described. Three scenarios were developed for this process, which are then described in detail in the measurement results.
|
guest ::
