• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 38
  • 9
  • 5
  • 2
  • 1
  • 1
  • 1
  • 1
  • Tagged with
  • 58
  • 26
  • 16
  • 15
  • 12
  • 12
  • 10
  • 9
  • 9
  • 8
  • 8
  • 7
  • 7
  • 6
  • 6
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Using NetFlow to Analyze Usage and Anomalies in Large Network

Zhong, Ming-Xun 08 September 2004 (has links)
NetFlow is a de facto protocol to export information about IP flow from network device. In this paper, we describe the modification to the famous open source software Flow-tools which let it has the ability to process the large NetFlow data under reasonable time and resource in the first part. In second part, we propose a series network usage and anomalies analysis methods, using TANet as example. These analyses are useful for capacity planning, peering, security, usage policy enacting.
2

Detekce provozu Skype pomocí dat NetFlow / Identifying Skype Traffic Using NetFlow Data

Šebeň, Patrik January 2012 (has links)
NetFlow is a network protocol commonly used for collectiong IP traffic information. But there is a way to use this collected data for indentifying clients in Skype communication. This paper describes identifiable patterns in Skype protocol and how to find them in NetFlow data. This way we can identify nodes and supernodes in Skype network.
3

BotFlowMon: Identify Social Bot Traffic With NetFlow and Machine Learning

Feng, Yebo 06 September 2018 (has links)
With the rapid development of online social networks (OSN), maintaining the security of social media ecosystems becomes dramatically important for public. Among all the security threats in OSN, malicious social bot is the most common risk factor. This paper puts forward a detection method called BotFlowMon that only utilize NetFlow data to identify OSN bot traffic. The detection procedure takes the raw NetFlow data as input and use DBSCAN algorithm to aggregate related flows into transaction level data. Then a special data fusion technique along with a visualization method are proposed to extract features, normalize values and help analyzing flows. A new clustering algorithm called Clustering Based on Density Sort and Valley Point Competition is also designed to subdivide transactions into basic operations. After the above preprocessing steps, some classic machine learning algorithms are applied to construct the classification model. / 2020-09-06
4

Aplikační rozhraní pro práci s netflow daty / Netflow Data Application Interface

Šoltés, Miroslav January 2013 (has links)
This diploma thesis deals with design and implementation of NetFlow data manipulation tool. It contains analysis of IP Flow network monitoring, description of nfdump tool and format of Netflow v9 records saved by nfdump. The focus of this application interface lies in effective manipulation with NetFlow records.
5

Denial of Service Traceback: an Ant-Based Approach

Yang, Chia-Ru 14 July 2005 (has links)
The Denial-of-Service (DoS) attacks with the source IP address spoofing techniques has become a major threat to the Internet. An intrusion detection system is often used to detect DoS attacks and to coordinate with the firewall to block them. However, DoS attack packets consume and may exhaust all the resources, causing degrading network performance or, even worse, network breakdown. A proactive approach to DoS attacks is allocating the original attack host(s) issuing the attacks and stopping the malicious traffic, instead of wasting resources on the attack traffic. In this research, an ant-based traceback approach is proposed to identify the DoS attack origin. Instead of creating a new type or function needed by the router or proceeding the high volume, find-grained data, the proposed traceback approach uses flow level information to spot the origin of a DoS attack. Two characteristics of ant algorithm, quick convergence and heuristic, are adopted in the proposed approach on finding the DoS attack path. Quick convergence efficiently finds out the origin of a DoS attack; heuristic gives the solution even though partial flow information is provided by the network. The proposed method is validated and evaluated through the preliminary experiments and simulations generating various network environments by network simulator, NS-2. The simulation results show that the proposed method can successfully and efficiently find the DoS attack path in various simulated network environments, with full and partial flow information provided by the network.
6

TUPLE FILTERING IN SILK USING CUCKOO HASHES

Webb, Aaron 25 August 2010 (has links)
SiLK Tools is a suite of network ?ow tools that network analysts use to detect intru- sions, viruses, worms, and botnets, and to analyze network performance. One tool in SiLK is tuple ?ltering, where ?ows are ?ltered based on inclusion in a “multi-key” set (MKset) whose unique members are composite keys whose values are from multiple ?elds in a SiLK ?ow record. We propose and evaluate a more e?cient method of im- plementing MKset ?ltering that uses cuckoo hashes, which underlie McHugh et al.’s cuckoo bag (cubag) suite of MKset SiLK tools. Our solution improves execution time for ?ltering with an MKset of size k by a factor of O(logk), and decreases memory footprints for MKset ?ltering by 50%. The solution also saves 90% of disk space for MKset ?le storage, and adds functionality for transformations such as subnet masking on ?ow records during MKset ?ltering.
7

Implementación y Evaluación de Sistema de Monitoreo de Seguridad Basado en Flujos de Paquetes IP

Echeverría Sierralta, Francisco de Borja January 2008 (has links)
Internet es ampliamente utilizada como medio de comunicación y distribución de información en todo el mundo. La información del tráfico de datos, esto es, información de origen y destino de los paquetes IP, entre las distintas organizaciones, puede aportar información valiosa para la seguridad informática de las mismas. Utilizando la información del tráfico de una red es posible identificar comportamientos de software maliciosos o “malware”. Por ejemplo, una máquina infectada con un gusano (worm) intenta contagiar a un grupo de máquinas a través del tráfico IP. En este caso el tráfico muestra una gran cantidad de intentos de conexiones a direcciones IP distintas. Aunque ya existen dispositivos de red y sistemas desarrollados para este fin, los sistemas son de carácter privado, funcionan para algunos dispositivos de red o no son fáciles de utilizar. Durante la memoria se diseñó e implementó un sistema para el análisis offline del tráfico IP proveniente de redes distribuidas. El sistema permite recolectar información de flujos IP proveniente de varias redes geográficamente distribuidas y analizar dicha información para identificar comportamientos maliciosos de computadores en dichas redes. Se evaluó el sistema por medio de dos experimentos, el primero destinado a detectar comportamientos producidos por malware sobre el tráfico IP simulado, el segundo evalúa la efectividad del sistema para la detección de malware en un ambiente real al que se inyecta malware simulado. En el transcurso de la memoria se encontró una dificultad con respecto a la traducción de direcciones de red hecha por los routers. Para estudiar este problema se configuró un ambiente distribuido y se hicieron consultas especiales. El sistema desarrollado y los resultados obtenidos dan una base para la creación de nuevos métodos de detección, con el fin de mejorar la seguridad computacional dentro de las organizaciones.
8

Detekce těžení kryptoměn pomocí analýzy dat o IP tocích / Detection of Cryptocurrency Miners Based on IP Flow Analysis

Šabík, Erik January 2017 (has links)
This master’s thesis describes the general information about cryptocurrencies, what principles are used in the process of creation of new coins and why mining cryptocurrencies can be malicious. Further, it discusses what is an IP flow, and how to monitor networks by monitoring network traffic using IP flows. It describes the Nemea framework that is used to build comprehensive system for detecting malicious traffic. It explains how the network data with communications of the cryptocurrencies mining process were obtained and then provides an analysis of this data. Based on this analysis a proposal is created for methods capable of detecting mining cryptocurrencies by using IP flows records. Finally, proposed detection method was evaluated on various networks and the results are further described.
9

Rozšíření NetFlow záznamů pro zlepšení možností klasifikace šifrovaného provozu / Extending NetFlow Records for Increasing Encrypted Traffic Classification Capabilities

Šuhaj, Peter January 2020 (has links)
Master's thesis deals with selection of attributes proper for classification of encrypted traffic, with the extension of NetFlow entries with these attributes and with creating a tool for classify encrypted TLS traffic. The following attributes were selected: size of packets, inter-packet arrival times, number of packets in flow and size of the flow. Selection of attributes was followed by design of extending NetFlow records with these attributes for classifying encrypted traffic. Extension of records was implemented in language C for exporter of the company Flowmon Networks a.s.. Classifier for collector was implemented in language Python. Classifier is based on a model, for which training data were needed. The exporter contains the classifying algorithm too, the place of the classification can be set. The implementation was followed by creation of testing data and evaluation of the accuracy. The speed of the classifier was tested too. In the best case scenario 47% accuracy was achieved.
10

Interaktivní webové rozhraní pro zobrazení ip flow dat / Interactive Web Interface for IP Flow Data

Salač, Radek January 2012 (has links)
This thesis describes development of application for analyzing IP flow data.    The author conducts relative comparison of already existing protocols and tools and studies theirs pro's and con's.    Based on this comparison and features requested by users,    author develops his own application primarly focused on interactive and user-friendly interface for working with IP flow data.

Page generated in 0.03 seconds