Bezpečnostní analýza síťového provozu pomocí behaviorálních signatur / Security analysis of network traffic using behavioral signatures

Barabas, Maroš

January 2016

This thesis focuses on description of the current state of research in the detection of network attacks and subsequently on the improvement of detection capabilities of specific attacks by establishing a formal definition of network metrics. These metrics approximate the progress of network connection and create a signature, based on behavioral characteristics of the analyzed connection. The aim of this work is not the prevention of ongoing attacks, or the response to these attacks. The emphasis is on the analysis of connections to maximize information obtained and definition of the basis of detection system that can minimize the size of data collected from the network, leaving the most important information for subsequent analysis. The main goal of this work is to create the concept of the detection system by using defined metrics for reduction of the network traffic to signatures with an emphasis on the behavioral aspects of the communication. Another goal is to increase the autonomy of the detection system by developing an expert knowledge of honeypot system, with the condition of independence to the technological aspects of analyzed data (e.g. encryption, protocols used, technology and environment). Defining the concept of honeypot system's expert knowledge in the role of the teacher of classification algorithms creates autonomy of the~system for the detection of unknown attacks. This concept also provides the possibility of independent learning (with no human intervention) based on the knowledge collected from attacks on these systems. The thesis describes the process of creating laboratory environment and experiments with the defined network connection signature using collected data and downloaded test database. The results are compared with the state of the art of the network detection systems and the benefits of the proposed approximation methods are highlighted.

Fair Medium Access Control Mechanism Reducing Throughput Degradation in IEEE 802.11s Wireless Mesh Networks

Ghasemi, Saeed, El-hajj Moussa, Haisam

January 2016

Denna rapport behandlar prestandaproblem i den nyligen standardiserade Mesh kommunikationsstandarden (IEEE 802.11s). I denna rapport, undersöker och förbättra vi ett förhållande som resulterar i reduktion av genomströmningen i en kedja av noder topologi. IEEE802.11s är mycket lovande med många fördelar för både IoT-systemen och trådlösa nätverk i båda hemmet och arbete.Vi arbetar med frågan om orättvisa när CSMA/CA tillämpas, vilket orsakar genomströmningsreduktion på grund av paketförluster och indikerar svältning. Vi analyserar konsekvenserna av Collision Avoidance (CA) mekanism och föreslår en ersättning för CA som är både rättvist och samtidigt kan upprätthålla undvikande av kollisioner. Vi implementera detta i en simulator och resultatet visar på betydligt högre end-to-end-genomströmning än standard CSMA/CA och inga paketförluster på grund av buffertspill. / This thesis rapport deals with the performance issues of the newly standardized Wireless mesh protocol (IEEE 802.11s). In this thesis, we work on improving the conditions that results in throughput degradation in a chain of nodes topology. The mesh standard is very promising with many advantages for both IoT systems and home wireless networks.We work on the issue of unfairness when CSMA/CA is applied, which causes throughput degradation due to packet loss and indicates starvation. We analyze the implication of the Collision Avoidance (CA) mechanism and propose a replacement for the CA that is both fair and able to maintain collision avoidance. We implement this in a simulator and the result shows significantly higher end-to-end throughput compared to the original CSMA/CA and no packet loss due to buffer overflow.

Multihop

IEEE 802.11s

Wifi

Medium access control

MAC

CSMA

Collision Avoidance

CA

Packet drop

Fairness

Buffer overflow

Unfairness

Mesh

Wireless

Network

WMN

throughput

throughput degradation

contention

two-hop interference

greedy sender

distributed

Engineering and Technology

Teknik och teknologier

Efektivní správa paměti ve vícevláknových aplikacích / Effective Memory Management for Multi-Threaded Applications

Vašíček, Libor

January 2008

This thesis describes design and implementation of effective memory management for multi-threaded applications. At first, the virtual memory possibilities are described, which can be found in the latest operating systems, such as Microsoft Windows and Linux. Afterwards the most frequently used algorithms for memory management are explained. Consequently, their features are used properly for a new memory manager. Final design includes particular tools for application debugging and profiling. At the end of the thesis a series of tests and evaluation of achieved results were done.