51 |
Odvozování pravidel pro mitigaci DDoS / Deriving DDoS Mitigation Rules. Hurta, Marek, January 2017.
This thesis is aimed at monitoring computer networks using NetFlow data. It describes the main aspects of detecting network anomalies with IDS systems. The next part describes the Nemea framework, which is used to create modules that detect network incidents and attacks. The following chapters give a brief overview of common network attacks, with remarks specific to each that can help in their detection. Based on this analysis, the concept of mitigation rules was created; these rules can be used to mitigate a DDoS attack. The method was tested on several data sets and produced multiple mitigation rules, which, when applied to the data sets, marked most of the suspicious flows.
|
52 |
Software Monitoring Based on a Community of Mobile Agents (original title: Surveillance logicielle à base d'une communauté d'agents mobiles). Bernichi, Mâamoun, 30 November 2009.
Mobile agents can physically migrate across a computer network in order to perform tasks on machines capable of providing them with an execution environment. These agents are regarded as autonomous components, a property that lets them adapt to dynamic environments at the scale of a large network. They can also exchange information with one another in order to collaborate within their group; we then speak of a community of mobile agents. We developed this concept of community, drawing on earlier research and studies, to define a new behavioural model of a mobile agent. This model is used to meet the needs of software monitoring, which consists of collecting events from several data sources (logs, system events, etc.) and analysing them in order to detect abnormal events. This monitoring approach relies on several types of mobile agents derived from the same model, each type managing a specific functional domain. Together, these agents form a community that can collaborate with other communities when there are several sites to monitor. The results of this approach allowed us to identify limits related to the size of the collected data, which leads us to new research perspectives and to the idea of an "ideal" mobile agent. Finally, we also consider applying the mobile-agent community to intrusion detection systems and anomaly reporting. / Mobile agents can physically travel across a network and perform tasks on machines that provide agent hosting capability. These agents are autonomous; this property allows them to adapt to a dynamic environment in a large network. They can also exchange information and data in order to collaborate within their group; in this case we can talk about a community of mobile agents. We refer to previous studies and research to develop this concept of community by defining a new behavioural pattern of mobile agent. This pattern is used in a software monitoring approach which consists of collecting events from various data sources (log files, OS events, etc.) and analysing them to detect abnormal events. This approach is based on different kinds of mobile agents, each kind managing some features. Together, these mobile agents constitute a community that collaborates with other communities if there are several sites to supervise. The results of this approach allow us to point out some limits related to the size of collected data. This limit pushes us towards a new line of research and probably towards defining an ideal mobile agent. Lastly, we illustrate our mobile-agent approach with results from an intrusion detection system application used to retrieve anomalies.
|
53 |
Segurança e Confiabilidade em IDS Baseados em Agentes / IDS Security and Reliability Based on Agents. MORAES, Falkner de Área Leão, 16 February 2009.
Lack of security is a constant concern in open distributed systems. Threats are present within insecure, uncertain and constantly changing environments. Due to this problem, many tools for evaluating network vulnerabilities as well as for protecting the network are being developed, such as encryption techniques and software systems such as antivirus, firewalls and IDS (Intrusion Detection System). Among these are IDS systems that are being conceived, designed and implemented using techniques executed by agents. However, it is necessary to assure the security and reliability of the messages exchanged inside the IDS. For this purpose, this work proposes a security solution for agent-based IDS. The proposed solution provides a methodology and a secure mechanism for communication among agents, through configuration-information protection mechanisms, authentication and authorization, key control and message persistence using XML. The proposed solution is implemented as an extension to IDS-NIDIA (Network Intrusion Detection System based on Intelligent Agents), whose architecture has an intelligent agent society that communicates cooperatively in a distributed environment. The implementation of the prototype and the tests proposed in this work show the applicability of the proposed solution. / A lack of security is a constant concern in open distributed systems. Threats are present in insecure, uncertain and constantly changing environments. Because of these problems, various tools for assessing network vulnerabilities, as well as for protecting the network, are being developed, such as cryptographic techniques and software such as antivirus, firewalls and IDS (Intrusion Detection System). Among these, IDS systems stand out, which are increasingly being conceived, designed and implemented using security techniques executed by agents. However, the security and reliability of the messages exchanged inside an IDS must be assured. To this end, this work proposes a secure and reliable solution for agent-based IDS. The solution proposes to establish a scheme for the secure execution and communication of agents through mechanisms for protecting configuration information, authentication and authorization, key control and persistence of IDS messages, using XML. The proposed solution is implemented as an extension of IDS-NIDIA (Network Intrusion Detection System based on Intelligent Agents), whose architecture consists of a society of intelligent agents that communicate cooperatively in a distributed environment. The prototype implementation and the tests presented in this work demonstrate the applicability of the proposed solution.
|
54 |
Key Distribution and Distributed Intrusion Detection System in Wireless Sensor Networks. Techateerawat, Piya, January 2008.
This thesis proposes a security solution in key management and Intrusion Detection System (IDS) for wireless sensor networks. It addresses the challenges of designing for both energy and security requirements. Since wireless communication consumes the most energy in a sensor network, transmissions must be used efficiently. We propose Hint Key Distribution (HKD) for key management, Adaptive IDS for distributing activated IDS nodes, and a cooperative operation of these two protocols. The HKD protocol focuses on the challenges of energy, computation and security. It uses a hint message and a key chain to consume less energy, while a self-generated key secures the secret key. It is a proposed solution to key distribution in sensor networks. Adaptive IDS uses a threshold and a voting algorithm to distribute IDS through the network. An elected node activates its IDS to monitor its network and neighbours. The threshold is used to reduce the number of repeated activations of the same node, so that energy use is distributed as equally as possible across the network. In the cooperative protocol, HKD and Adaptive IDS exchange information in order to adjust to the current situation. The level of alert controls the nature of the interaction between the two protocols.
|
55 |
Network Intrusion Detection System Based on SOA (NIDS-SOA) to Support Interoperability Between IDSs: Application to NIDIA (original title: Sistema de Detecção de Intrusão em Redes Baseado em SOA (NIDS-SOA) para Suportar a Interoperabilidade entre IDSs: Aplicação ao NIDIA). COSTA, Wagner Elvio de Loiola, 10 October 2012.
Antivirus systems and firewalls are protection systems designed to prevent malicious actions in the network, thus constituting a barrier to invaders (e.g. viruses, worms and hackers). However, there is no guarantee of full protection for the network and its computers: invasions can occur by exploiting known vulnerabilities, which allow running programs remotely, changing privileges within the system and disclosing important information. In this case, an Intrusion Detection System (IDS) allows the detection of intrusions and subsequent notification to the network administrator or, in conjunction with the firewall, blocks the port used in the invasion or the IP address of the attacker. An important factor for intrusion detection is the quality of the signature base. However, IDS systems are isolated systems, and interoperability among IDS from different vendors is complex and difficult to implement. Existing IDS systems in the literature, including IDS-NIDIA (Network Intrusion Detection System based on Intelligent Agents), are isolated systems that are not easily reused. Generally, they communicate using different protocols and are designed with different programming paradigms. This work proposes an architecture based on the SOA (Service Oriented Architecture) philosophy to support interoperability between IDS systems. IDS-NIDIA will be adapted and extended according to the SOA philosophy, with web service layers in order to provide a static service composition between the application layers and reuse of information with other IDSs. / Antivirus systems and firewalls are protection systems that aim to prevent the execution of malicious actions in the network, thus constituting a barrier to invaders (e.g. viruses, worms and hackers). However, there is no way to guarantee total protection of the network and computers, and invasions can occur through the exploitation of already known vulnerabilities that allow remote execution of programs, privilege changes within the system and disclosure of important information. In this case, the Intrusion Detection System (IDS) allows intrusions to be detected and the network administrator to be notified accordingly or, together with the firewall, blocks the port used in the invasion or the attacker's IP address. An important factor for intrusion detection is the quality of the signature base. However, IDS systems are isolated systems, and interoperability between IDS from different vendors is complex and difficult to implement. The IDS systems in the literature, including IDS-NIDIA (Network Intrusion Detection System based on Intelligent Agents), are isolated systems that are not easily reused. Generally, they communicate using different protocols and are built with different programming paradigms. An architecture based on the SOA (Service Oriented Architecture) philosophy is proposed to support interoperability between IDS systems. The IDS-NIDIA system will be adapted and extended according to this SOA philosophy, with web service layers whose purpose is to offer a static service composition between the application layers and the reuse of information with other IDSs.
|
56 |
Detection of Slow Port Scanning in a Real-Time System (original title: Detektering av långsam portskanning i realtidssystem). Pettersson, Mattias, January 2017.
In this report I describe my investigation of a method for detecting slow port scanning in a system that performs real-time analysis. Port scanning is used as a reconnaissance method by malicious actors in the IT world. It is used to form a picture of any weaknesses that may exist in a network. Slow port scanning is used to fool any detection systems and thereby scan without being discovered. Detecting slow port scanning can be demanding on working memory, since a large buffer is traditionally set up to analyse network traffic over a longer period of time. There are also solutions that analyse network flows, which instead means a loss of information and that port scanning cannot be detected in real time. I have built a detection system in which I investigate the possibility of using a database to detect slow port scanning. This is done in a system that analyses packets in real time. The result was a program that does exactly that. It detects ordinary port scanning attacks in real time and slow attacks via presentation in a database. / In this report I describe my investigation of a method for slow port scanning detection in a real-time analysis system. Port scanning is used as a reconnaissance technique by perpetrators in the IT world. It is used to form an idea of any vulnerabilities that may exist in a network. Slow port scanning is used to try to bypass detection systems and thus perform a scan without being detected. Slow port scanning detection may be resource-intensive for the computer memory, since a large buffer is traditionally established to analyze network traffic over a longer period of time. There are also solutions that analyze netflow data, which provides less information and is unable to detect port scanning in real time. I have created a detection system in which I investigate the possibility of using a database in order to detect slow port scanning. The method is part of a system that analyzes packets in real time. The result is a program that is capable of doing just that. It detects regular port scan attacks in real time and slow attacks through presentation in the database.
|
57 |
Methods for Countering Brute-Force Attacks Against Wi-Fi Protected Setup (original title: Metoder för motverkande av bruteforce-attacker mot Wi-Fi Protected Setup). Forsman, Erik; Skoglund, Andreas, January 2012.
The Wi-Fi Protected Setup (WPS) configuration protocol has certain flaws in its design concerning how the authentication of the PIN code used to connect a device to a wireless network is implemented. These flaws can be exploited by an attacker to carry out a brute-force attack that can identify the correct code in a relatively short time. This work has developed methods for countering or delaying attacks against the WPS protocol that can be implemented in existing networks with relatively simple means. The mechanisms presented have been evaluated through practical experiments in which a stand-alone server detected an attack and carried out various defence methods. The conclusion is that the most effective method for interrupting a brute-force attack against the protocol is to automatically replace the PIN code when an attack is detected. / Wi-Fi Protected Setup (WPS), a protocol used to configure wireless clients, is flawed in regard to the design of the authentication procedure for the PIN code used to connect a new device. This flaw can be exploited by an attacker to perform a brute-force attack to identify the code. This report presents methods to counteract brute-force attacks performed against the WPS protocol. The study has been performed by practical experiments in which the countermeasures have been evaluated and their performance measured. With simple means, such as a third party acting on the router's behalf in implementing countermeasures against the attacker, the attack can be counteracted. The conclusion is that the most effective way of countering the WPS brute-force attack presented is to automatically replace the PIN code with a randomly generated one when an attack is detected.
|
58 |
Investiční výstavba spolufinancovaná z fondů EU / Investment Construction Co-financed from EU Funds. Sklenářová, Hana, January 2015.
This thesis is focused on the European Union and EU funds. It describes structural policy and its history, with a focus on the structural and cohesion funds. Attention is then given to the subsidy received from the ROP Southeast, and the new 2014-2020 programming framework is summarised. The practical part of the thesis describes, analyses and evaluates a project co-financed by EU structural funds. The project was implemented within the ROP SE and addressed integrated transport in the Breclav region.
|
59 |
Performance Analysis of a Light Weight Packet Scanner. Gandhi, Paras, 05 December 2008.
The growth of networks around the world has also given rise to threats such as viruses and Trojans. This rise in threats has resulted in countermeasures in the form of applications called firewalls or IDS. Incorporating these applications into the network introduces some delay in communication. The aim of the experiment in this thesis is to measure the delay introduced by such a firewall in the best case and compare it with communication on a network without such an application. These experiments are done using a special miniature computer, the net4801, with an embedded operating system and the packet scanning application (firewall or IDS) executing on it.
|
60 |
Incremental Support Vector Machine Approach for DoS and DDoS Attack Detection. Seunghee Lee (6636224), 14 May 2019.
Support Vector Machines (SVMs) have generally been effective in detecting instances of network intrusion. However, from a practical point of view, a standard SVM is not able to handle large-scale data efficiently due to the computational complexity of the algorithm and its extensive memory requirements. To cope with this limitation, this study presents an incremental SVM method combined with a k-nearest neighbors (KNN) based candidate support vector (CSV) selection strategy in order to speed up the training and test process. The proposed incremental SVM method constructs or updates the pattern classes by incrementally incorporating new signatures, without having to load and access the entire previous dataset, in order to cope with evolving DoS and DDoS attacks. The performance of the proposed method is evaluated experimentally and compared with the standard SVM method and the simple incremental SVM method in terms of precision, recall, F1-score, and training and test duration.
|