Analýza zpětně rozptýleného DDoS provozu v datech o síťových tocích / Analysis of DDoS Backscatter Traffic in Network Flow Data

Marušiak, Martin

January 2021

This work focuses on detection of denial of service (DoS) attacks which utilize random spoofing of source IP address in attack packets. These types of attacks lead to generation of side effect in a form of backscatter that can be used to identify victims of such attacks. Backscatter analysis has so far been limited to unused address space ranges referred to as network telescopes. This work therefore proposes a new method of DoS attack detection via backscatter outside of network telescope environment where legitimate user traffic is also present. Furthermore proposed approach uses only abstracted traffic in a form of network flows. Presented method was implemented as part of NEMEA system and tested on real flow data capture provided by CESNET.

Detekce síťových anomálií na základě NetFlow dat / Detection of Network Anomalies Based on NetFlow Data

Czudek, Marek

January 2013

This thesis describes the use of NetFlow data in the systems for detection of disruptions or anomalies in computer network traffic. Various methods for network data collection are described, focusing especially on the NetFlow protocol. Further, various methods for anomaly detection  in network traffic are discussed and evaluated, and their advantages as well as disadvantages are listed. Based on this analysis one method is chosen. Further, test data set is analyzed using the method. Algorithm for real-time network traffic anomaly detection is designed based on the analysis outcomes. This method was chosen mainly because it enables detection of anomalies even in an unlabelled network traffic. The last part of the thesis describes implementation of the  algorithm, as well as experiments performed using the resulting  application on real NetFlow data.

BigData řešení pro zpracování rozsáhlých dat ze síťových toků / BigData Approach to Management of Large Netflow Datasets

Melkes, Miloslav

January 2014

This master‘s thesis focuses on distributed processing of big data from network communication. It begins with exploring network communication based on TCP/IP model with focus on data units on each layer, which is necessary to process during analyzation. In terms of the actual processing of big data is described programming model MapReduce, architecture of Apache Hadoop technology and it‘s usage for processing network flows on computer cluster. Second part of this thesis deals with design and following implementation of the application for processing network flows from network communication. In this part are discussed main and problematic parts from the actual implementation. After that this thesis ends with a comparison with available applications for network analysis and evaluation set of tests which confirmed linear growth of acceleration.

Anotace NetFlow dat z pohledu bezpečnosti / Annotation of NetFlow Data from Perspective of Network Security

Kadletz, Lukáš

January 2016

This thesis describes design and implementation of application for offline NetFlow data annotation from perspective of network security. In this thesis is explained the NetFlow architecture in detail along with methods for security incidents detection in the captured data. The application design is based on analysis of manual annotation and supported by several UML diagrams. The Nemea system is used for detecting security events and Warden system as a source of information about reported security incidents on the network. The application uses technologies such as PHP 5, Nette framework, jQuery library and Bootstrap framework. The CESNET association provided NetFlow data for testing the application. The result of this thesis could be used for analysis and annotation of NetFlow data. Resulting data set could be used to verify proper functionality of detection tools.

Obrana před volumetrickými DDoS útoky v prostředí SDN / Mitigation of Volumetric DDoS Attacks in SDN Environment

Hodes, Vojtěch

January 2017

The aim of this Master's thesis is to explore different attitudes and to design various monitoring and detection concepts of volumetric DDoS attacks in core networks. The thesis deals with data flow control protocols with an emphasis on a modern technology of Software Defined Networks. The last part of the thesis describes verification of the theory by setting up a laboratory environment for volumetric DDoS UDP Flood simulation, detection and automated mitigation.

Architektura programového vybavení monitorovací sondy na bázi toků / Software Architecture for Flow Based Monitoring Probe

Špringl, Petr

January 2009

This thesis deals with design and implementation of software architecture for Flexible FlowMon probe, accessories for monitoring high speed computer networks based on IP flows. The probe has been developed in project named Liberouter. There is described flow based monitoring and export formats NetFlow version 5, NetFlow version 9 and IPIFX, which are very widely used. The thesis contains description of hardware part of Flexible FlowMon probe including its requirements for software, which are the base of the whole software architecture. There is detailed description of that part of software architecture which was implemented during the work on this thesis.

Effective Programmatic Analysis of Network Flow Data for Security and Visualization using Higher-order Statistics and Domain Specific Embedded Languages

Conley, Thomas A.

20 July 2012

No description available.

Computer Science

Engineering

Information Science

Information Systems

Information Technology

Statistics

NetFlow

Domain Specific Embedded Language

Entropy

Statistics

Metody měření výkonnostních a kvalitativních parametrů datových sítí / Methods for measurement of data network performance and quality parameters

Sukup, Luboš

January 2012

Master thesis involves the development of quality measurement issues and performance parameters in data networks. It describes the main technologies as they affect the quality and performance parameters and the effect of these parameters for voice, video and data services. Next are listed some methods for measuring parameters of the data network.In the practical part is selected one method of measuring network parameters and properties of this method are demonstrated by illustrative examples.

Systém pro správu malé podnikové sítě / Monitoring and Control System for Small Company

Holešinský, Jan

January 2014

The goal of this thesis is to design and to implement the active and passive monitoring and control system for small company with emphasis on the most automated control and deployment in a production network. System is appropriately designed using the Nette framework and scripting language Perl which is suitable for control computer systems and networks.

Netopeer: Konfigurační platforma pro síťová zařízení / Netopeer: Configuration Platform for Network Devices

Žižlavský, Marek

January 2010

Master's thesis analyzes available network device configuration options and describes NETCONF configuration protocol and NETCONF event notifications extension in details. It describes Netopeer, open configuration platform developed on Liberouter project, and its pitote deployment as FlowMon probe remote configuration system. Newly designed Netopeer architecture, which adds support for NETCONF event notifications, was verified by reference implementation. Security of the new design and implementation was analyzed, and recommended system settings were provided. This Master's thesis is based on results of previous bachelor's thesis of author and on existing software tools developed by the Liberouter project.