This thesis describes the design and implementation of system for effective detection of network anomaly using DNS data. Effective detection is accomplished by combination and cooperation of detectors and detection techniques. Flow data in NetFlow and IPFIX formats are used as input for detection. Also packets in pcap format can be used. Main focus is put on detection of DNS tunneling. Thesis also describes Domain Name System (DNS) and anomalies associated with DNS.
| Identifer | oai:union.ndltd.org:nusl.cz/oai:invenio.nusl.cz:234983 |
| Date | January 2015 |
| Creators | Fomiczew, Jiří |
| Contributors | Žádník, Martin, Kováčik, Michal |
| Publisher | Vysoké učení technické v Brně. Fakulta informačních technologií |
| Source Sets | Czech ETDs |
| Language | Czech |
| Detected Language | English |
| Type | info:eu-repo/semantics/masterThesis |
| Rights | info:eu-repo/semantics/restrictedAccess |
Page generated in 0.0023 seconds