Systém prevence průniků využívající Raspberry Pi / Intrusion prevention system based on Raspberry Pi

Hirš, David

January 2021

The number of discovered vulnerabilities rapidly increases. For example in 2019 there were discovered 20 362 vulnerabilities. The probability of cyber-attacks realization is high. Therefore it is necessary to propose and implement automated and low-cost Intrusion Prevention or Intrusion Detection Systems (IPS/IDS). This implemetation can focus on home use or small corporate networks. The main goal of the system is to detect or mitigate cyber-attack impact as fast as possible. The master's thesis proposes IPS/IDS based on Raspberry Pi that can detect and prevent various cyber-attacks. Contents of this thesis are focus on description of cyber-attacks based on ISO/OSI model's Link and Network layers. Then there is description of IPS/IDS systems and theirs open source representatives. The practical part is focus on experimental workspace, hardware consumption of choosen detection systems, cyber-attacks scenarios and own implementation of detection program. Detection program is based on these chosen systems and puts them together to be easily manageable.

Pokročilé metody filtrování síťového provozu v systému Linux / Advanced methods of filtering network traffic in the Linux system

Peša, David

January 2008

This master's thesis is meant to provide techniques in designing and building a standalone packet filtering firewall in Linux machines, mainly for small sites who don’t give much service to Internet users. It deals with attenuating the effect of the most common types of attacks using iptables. It guides how to design, implement, run, and maintain Firewall. Techniques for continuously monitoring attacks is attempted. It also give a historical, architectural and technical overview of firewalls and security attacks.

Detekce útoků cílených na odepření služeb / Detection of denial of service attacks

Gerlich, Tomáš

January 2017

Master's thesis is focused on intrusion detection for denied of service attacks. These distributed DoS attacks are threat for all users on the Internet, so there is deployment of intrusion detection and intrusion prevention systems against these attacks. The theoretical part describes the DoS attacks and its variants used most frequently. It also mentioned variants for detecting DoS attacks. There is also described, which tools are used to detect DDoS attacks most frequently. The practical part deals with the deployment of software tools for detecting DDoS attacks, and create traffic to test detection abilities of these tools.

Implementácia IDS/IPS do prostredia univerzitnej siete MENDELU

Hevier, Marek

January 2018

This diploma thesis deals with issue of IDS/IPS systems and possibilities of their utilization within the university network of Mendel University in Brno. The thesis includes a description how to install and configure Snort IDS, including addon modules based on predefined parameters and the ability to detect malious traffic within college computer network of Mendel University in Brno. The results include verification of correct detection of selected attack types and the discussion of False Positive and False Negative.

Research of methods and algorithms of insider detection in a computer network using machine learning technologies

Pelevin, Dmitrii

January 2021

Background. Security Information and Event Management (SIEM) systems today are sophisticated sets of software packages combined with hardware platforms, which can perform real-time analysis on security events and can respond to them before potential damage due to the actions of intruders. A huge number of systems rely on the continuous transmission of data through computer networks. Nowadays it is difficult to imagine a sphere of human activity that would not be affected by information technologies and would not use computer networks. Along with the means of protecting information, the technologies that are used by cybercriminals to achieve their goals are also improving. Moreover, the so-called insiders - information security perpetrators inside the protected perimeter, who can cause much more damage by their actions, as they are among the legitimate users and can have access to more confidential information - are becoming a growing threat. Objectives. To identify insider activity within an acceptable time inside the network, we need to develop a methodology to detect abnormal activity within the network using advanced data processing techniques, based on machine learning. After recreating the data processing system, we will also need to determine the most efficient algorithm that can be applied to the task of insider detection. Methods. The work analyzed research papers with similar objectives to investigate methods and technologies for securing against intruder intrusions, in conjunction with a study of machine learning techniques for detecting anomalies in the data. Experimental data were also collected containing information about network activity within the same network over two weeks. With this data, it is possible to conduct an experiment in network traffic processing using state-of-the-art technology. Results. During the study of relevant works, several effective ways to detect anomalies in the data were identified, technologies for processing large amounts of data using NoSQL were studied, and work on creating an experimental bench was performed. As a result, the experimental data obtained was sufficient to verify the effectiveness of the obtained solution. Conclusions. As a result, we analyzed existing approaches to detect insider activity within a computer system. Algorithms based on machine learning and big data processing methods were evaluated. In addition, a model for representing big data in NoSQL format was developed, which made it possible to create an architecture of a system for detecting insiders in computer networks using a graph database and machine learning methods.

IPS

IDS

UBA

NoSQL

Information Security

Computer Sciences

Datavetenskap (datalogi)

A New SCADA Dataset for Intrusion Detection System Research

Turnipseed, Ian P

14 August 2015

Supervisory Control and Data Acquisition (SCADA) systems monitor and control industrial control systems in many industrials and economic sectors which are considered critical infrastructure. In the past, most SCADA systems were isolated from all other networks, but recently connections to corporate enterprise networks and the Internet have increased. Security concerns have risen from this new found connectivity. This thesis makes one primary contribution to researchers and industry. Two datasets have been introduced to support intrusion detection system research for SCADA systems. The datasets include network traffic captured on a gas pipeline SCADA system in Mississippi State University’s SCADA lab. IDS researchers lack a common framework to train and test proposed algorithms. This leads to an inability to properly compare IDS presented in literature and limits research progress. The datasets created for this thesis are available to be used to aid researchers in assessing the performance of SCADA IDS systems.

cyber attacks

machine learning

IDS

intrusion detection

dataset

SCADA

An Intrusion Detection System for Battery Exhaustion Attacks on Mobile Computers

Nash, Daniel Charles

15 June 2005

Mobile personal computing devices continue to proliferate and individuals' reliance on them for day-to-day needs necessitate that these platforms be secure. Mobile computers are subject to a unique form of denial of service attack known as a battery exhaustion attack, in which an attacker attempts to rapidly drain the battery of the device. Battery exhaustion attacks greatly reduce the utility of the mobile devices by decreasing battery life. If steps are not taken to thwart these attacks, they have the potential to become as widespread as the attacks that are currently mounted against desktop systems. This thesis presents steps in the design of an intrusion detection system for detecting these attacks, a system that takes into account the performance, energy, and memory constraints of mobile computing devices. This intrusion detection system uses several parameters, such as CPU load and disk accesses, to estimate the power consumption of two test systems using multiple linear regression models, allowing us to find the energy used on a per process basis, and thus identifying processes that are potentially battery exhaustion attacks. / Master of Science

intrusion detection

IDS

battery exhaustion

power attacks

linear regression model

Social and Nonsocial Priming Effects on 12- to 15-Month-Olds’ Preferences for Infant-Directed Speech

McFayden, Tyler Christine

05 1900

In adults, the availability of certain kinds of cues prior to a recognition task facilitates performance (often called “priming”). Studies have found that conceptual and perceptual priming improves neural efficiency and thus shortens response time in adults. In infant research, various visual and auditory/visual events are used as attention getters to orient the infant to a screen and alert them to upcoming information for their detection, discrimination, and/or recognition. However, the influence of attention-getters on infants’ performance has rarely been systematically evaluated, even though these attention cues could be acting as perceptual/conceptual primes. This study investigated the effect of priming on infants’ preferences for infant-directed speech (IDS) compared to adult-directed speech (ADS). IDS, an inherently social event, can be described as a moderator between attention systems and later language development. Thus, if the attentional network is primed in advance of hearing IDS, it is possible that the magnitude of the IDS preference may change. In this study, 20, 12- to 18-month old infants were provided with either a nonsocial or social prime in an infant-controlled, speech preference procedure with both IDS and ADS speech types. The infant’s total looking duration to IDS relative to ADS was compared for the social versus nonsocial prime condition. Results indicated a main effect for speech and overall IDS preference. However, no significant effect of prime was detected. Results are discussed in terms of future directions to investigate social priming of language in infancy. / Master of Science / In infant research, short duration events are used before the task of interest to orient infants to the screen, increase their attention, and prepare them for the following information to come. These events are called “attention getters” in developmental research, and are used internationally as a way to garner infants’ attention before the main test of interest. Labs use different attention getters based on their prior experience of what works best, and these attention getters vary in content (e.g., social, nonsocial), and format (e.g., audio, visual, audiovisual). The effect of the content of the attention getter on infants’ subsequent performance has never previously been studied, although the content could be acting as a prime for the following task. This study investigated the effect of a social, as opposed to nonsocial, attention getter on infants’ subsequent performance on a speech preference task. Infants (N = 20, 12- to 18-month olds) received both infant-directed speech (IDS; or how caregivers speak to their infants, characterized by shorter sentences, slower rate of speech, and exaggerated vowels) and adult-directed speech (ADS; or how adults speak to other adults, characterized by complex grammar, faster rates of speech, and shorter vowel sounds) which were preceded by either a social (woman saying “Hi Baby” in IDS) or nonsocial (swirling target with chimes) attention getter to investigate their preferences for speech type. It was predicted that infants who received a social prime would demonstrate a stronger preference for IDS over ADS relative to infants who received the nonsocial prime. Results indicated a main effect for speech and overall IDS preference. However, no significant effect of attention getter was detected, and the interaction between speech type and attention getter was not significant. Thus, our predicted results were not supported; the content of the attention getter did not attenuate or augment infants’ speech type preferences. Results are discussed in terms of future directions to better detect social priming in infancy.

priming

infants

IDS

language

attention

attention getter

perception

Sécurité Vérification d’implémentation de protocole / Security Verification of Protocol Implementation

Fu, Yulong

14 March 2014

En ce qui concerne le développement des technologies informatique, les systèmes et les réseaux informatiques sont intensément utilisés dans la vie quotidienne. Ces systèmes sont responsables de nombreuses tâches essentielles pour notre communauté sociale (par exemple, système de traitement médical, E-Commerce, Système d'avion, système de vaisseau spatial, etc.). Quand ces systèmes cessent de fonctionner ou sont corrompus, les pertes économiques peuvent atteindre des sommes inacceptables. Pour éviter ces situations, les systèmes doivent être sécurisés avant leur installation. Alors que la plupart de ces systèmes sont mis en œuvre à partir de spécifications des protocoles, les problèmes de vérification de la sécurité de systèmes concrets renvient à vérifier la sécurité de l'implémentation de ces protocoles. Dans cette thèse, nous nous concentrons sur les méthodes de vérification de la sécurité des implémentations des protocoles et nous sommes intéressés à deux principaux types d'attaques sur les réseaux : Déni de service (DoS) et attaque de Protocol d’authentification. Nous étudions les caractéristiques de ces attaques et les méthodes de vérification formelles. Puis nous proposons modèle étendu de IOLTS et les algorithmes correspondants à la génération de les cas de test pour la vérification de sécurité automatique. Afin d'éviter les explosions d'état possibles, nous formalisons également les expériences de sécurité du testeur comme le « Objectif de Sécurité » pour contrôler la génération de test sur la volée. Parallèlement, une méthode d'analyse basée sur le modèle pour la Systèmes de Détection d'intrusion Anomalie (Anomaly IDS) est également proposée dans cette thèse, ce qui peut améliorer les capacités de détecter des anomalies de l'IDS. Ces méthodes de vérification proposées sont mises en évidence par l'étude de RADIUS protocole et un outil intégré de graphique est également proposé pour facilement les opérations de la génération de test. / Regarding the development of computer technologies, computer systems have been deeply used in our daily life. Those systems have become the foundation of our modern information society. Some of them even take responsibilities for many essential and sensitive tasks (e.g., Medical Treatment System, E-Commerce, Airplane System, Spaceship System, etc.). Once those systems are executed with problems, the loss on the economy may reach an unacceptable number. In order to avoid these disappointing situations, the security of the current systems needs to be verified before their installations. While, most of the systems are implemented from protocol specifications, the problems of verifying the security of concrete system can be transformed to verify the security of protocol implementation. In this thesis, we focus on the security verification methods of protocol implementations and we are interested with two main types of network attacks: Denis-of-Services (DoS) attacks and Protocol Authentication attacks. We investigate the features of these attacks and the existed formal verification methods and propose two extended models of IOLTS and the corresponding algorithms to generate the security verification test cases automatically. In order to avoid the possible state explosions, we also formalize the security experiences of the tester as Security Objective to control the test generation on-the-fly. Meanwhile, a modeled based Anomaly Intrusion Detection Systems (IDS) analysis method is also proposed in this thesis, which can enhance the detect abilities of Anomaly IDS. These proposed verification methods are demonstrated with the case study of RADIUS protocol and an integrated GUI tool is also proposed to simply the operations of test generation.

Vérification de Sécurité

Automate

Anomaly IDS

Test de Sécurité

Security verification

Security of protocol implementation

Automata

Anomaly IDS

Security Testing.

Análise de dados de bases de honeypots: estatística descritiva e regras de IDS

Ferreira, Pedro Henrique Matheus da Costa

04 March 2015

Made available in DSpace on 2016-03-15T19:37:56Z (GMT). No. of bitstreams: 1 PEDRO HENRIQUE MATHEUS DA COSTA FERREIRA.pdf: 2465586 bytes, checksum: c81a1527d816aeb0b216330fd4267b93 (MD5) Previous issue date: 2015-03-04 / Fundação de Amparo a Pesquisa do Estado de São Paulo / A honeypot is a computer security system dedicated to being probed, attacked or compromised. The information collected help in the identification of threats to computer network assets. When probed, attacked and compromised the honeypot receives a sequence of commands that are mainly intended to exploit a vulnerability of the emulated systems. This work uses data collected by honeypots to create rules and signatures for intrusion detection systems. The rules are extracted from decision trees constructed from the data sets of real honeypots. The results of experiments performed with four databases, both public and private, showed that the extraction of rules for an intrusion detection system is possible using data mining techniques, particularly decision trees. The technique pointed out similarities between the data sets, even the collection occurring in places and periods of different times. In addition to the rules obtained, the technique allows the analyst to identify problems quickly and visually, facilitating the analysis process. / Um honeypot é um sistema computacional de segurança dedicado a ser sondado, atacado ou comprometido. As informações coletadas auxiliam na identificação de ameaças computacionais aos ativos de rede. Ao ser sondado, atacado e comprometido o honeypot recebe uma sequência de comandos que têm como principal objetivo explorar uma vulnerabilidade dos sistemas emulados. Este trabalho faz uso dos dados coletados por honeypots para a criação de regras e assinaturas para sistemas de detecção de intrusão. As regras são extraídas de árvores de decisão construídas a partir dos conjuntos de dados de um honeypot real. Os resultados dos experimentos realizados com quatro bases de dados, duas públicas e duas privadas, mostraram que é possível a extração de regras para um sistema de detecção de intrusão utilizando técnicas de mineração de dados, em particular as árvores de decisão. A técnica empregada apontou similaridades entre os conjuntos de dados, mesmo a coleta ocorrendo em locais e períodos de tempos distintos. Além das regras obtidas, a técnica permite ao analista identificar problemas existentes de forma rápida e visual, facilitando o processo de análise.

honeypot

dionaea

mineração de dados

IDS

árvores de decisão

honeypot

dionaea

data mining

IDS

decision trees

CNPQ::ENGENHARIAS::ENGENHARIA ELETRICA