Směrování ve vysokorychlostních počítačových sítích / Routing in High-speed Computer Networks

Vlček, Lukáš

January 2013

Goal of this master thesis is to introduce and bring up basics and principles of NetCOPE framework in many details using "first approach" method for exploration of its internal structures - mainly focusing on application core using VHDL for focus itself. Furthermore, this knowledge is used for design and implementation of filtration system for network traffic with more details within phase of design in VHDL language.

Extending a Platform for IT-Security Exercises

Björn, Johan

January 2011

The Swedish Defence Research Agency, FOI, has developed a platform that is used to train and study IT-security. This platform was used during the cyber Baltic shield, an international cyber security exercise. During the exercise, a number of teams acting as system administrators, tried to secure and defend the system of a fictive power supply company. Another team acted as a terrorist organisation with the goal to compromise the systems of the power supply companies and shut down their power generators. FOI has also developed a security assessment method, named XMASS, which is implemented in a software tool called SANTA. This can be used to model a networked IT-system and get a picture of its current state of security. This thesis aims to integrate the tool, SANTA, with the platform for cyber security exercises to get the ability to visualise a system and analyse its security during an IT-security exercise. The thesis also identifies some problems with XMASS regarding how traffic mediators, for example firewalls, are modelled. A literature review is performed to get a picture of the current state of research on security assessment methods and leads to a proposition of a new model for traffic mediators.

IT-Security

IT-Security Assessment

IT-Security Exercise

Traffic Filtering

Firewalls

Computer and Information Sciences

Data- och informationsvetenskap

Zpracování paketů pomocí knihovny DPDK / Packet Processing Using DPDK Library

Procházka, Aleš

January 2019

This master thesis focuses on filtering and forwarding packets in high speed networks. Firstly the DPDK framework is introduced, which is used for fast packet processing. This project also introduces a design of application for high-speed packet filtering and design of tools for making it easier to work with that application. Subsequently, the implementation of this design is introduced and testing with comparison of results with a standard firewall

Porovnávání jazyků a redukce automatů používaných při filtraci síťového provozu / Comparing Languages and Reducing Automata Used in Network Traffic Filtering

Havlena, Vojtěch

January 2017

The focus of this thesis is the comparison of languages and the reduction of automata used in network traffic monitoring. In this work, several approaches for approximate (language non-preserving) reduction of automata and comparison of their languages are proposed. The reductions are based on either under-approximating the languages of automata by pruning their states, or over-approximating the language by introducing new self-loops (and pruning redundant states later). The proposed approximate reduction methods and the proposed probabilistic distance utilize information from a network traffic. Formal guarantees with respect to a model of network traffic, represented using a probabilistic automaton are provided. The methods were implemented and evaluated on automata used in network traffic filtering.

Внешние угрозы в сфере информационной безопасности. Исследование методов фильтрации трафика : магистерская диссертация / External threats in information security. Research of traffic filtering methods

Лощенко, В. А., Loshchenko, V. A.

January 2022

В работе рассмотрены основные виды внешних угроз в сфере информационной безопасности и проведена оценка их потенциальной опасности. Выполнено исследование принципа работы метода фильтрации трафика как способа защиты от большого количества внешних угроз безопасности. Произведён анализ и сравнение систем фильтрации трафика, составлен алгоритм работы основной части сетевого фильтра. На основании проведенного анализа был спроектирован и разработан прототип системы фильтрации трафика, удовлетворяющий всем определённым требованиям. Проведено тестирование разработанного прототипа фильтра трафика с помощью нескольких видов тестирования и дана оценка эффективности работы разработанной системы. / This paper considers the main types of external threats in the field of information security and assesses their potential danget. A study was made of the principle of operation of the traffic filtering method of as a way to protect against a large number of external security threats. An analysis and comparison of traffic filtering systems has been made, an algorithm for the operation of the main part of the network filter has been compiled. Based on the analysis, a prototype of a traffic filtering system was designed and developed that satisfies all the specific requirements. The developed prototype of the traffic filter was tested using several types of testing and the efficiency of the developed system was evaluated.

УГРОЗЫ БЕЗОПАСНОСТИ

СЕТЕВОЙ ТРАФИК

ФИЛЬТРАЦИЯ ТРАФИКА

MASTER'S THESIS

INFORMATION SECURITY

INFORMATION SYSTEM

TOOLS OF INFORMATION SECURITY

EXTERNAL THREATS

NETWORK TRAFFIC

TRAFFIC FILTERING