Thesis Details
Rozšíření behaviorální analýzy síťové komunikace určené pro detekci útoků
This thesis is focused on network behavior analysis (NBA) designed to detect network attacks. The goal of the thesis is to increase detection accuracy of obfuscated network attacks. Methods and techniques used to detect network attacks and network traffic classification were presented first. Intrusion detection systems (IDS) in terms of their functionality and possible attacks on them are described next. This work also describes principles of selected attacks against IDS. Further, obfuscation methods which can be used to overcome NBA are suggested. The tool for automatic exploitation, attack obfuscation and collection of this network communication was designed and implemented. This tool was used for execution of network attacks. A dataset for experiments was obtained from collected network communications. Finally, achieved results emphasized requirement of training NBA models by obfuscated malicious network traffic.
network behavior analysis, NBA, detection of network attacks, IDS, IPS, network traffic classification, attack, attack on network service, network attacks, data mining, machine learning, ASNM, exploit, obfuscation, segmentation, fragmentation, MTU modification, packet reordering, packet duplication, packet loss, packet corruption, detection
Burget Radek, doc. Ing., Ph.D. (DIFS FIT BUT), člen
Drahanský Martin, prof. Ing., Dipl.-Ing., Ph.D. (DITS FIT BUT), člen
Hrubý Martin, Ing., Ph.D. (DITS FIT BUT), člen
Rozinajová Viera, doc. Ing., Ph.D. (FIIT STU), člen
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS FIT BUT), člen
@mastersthesis{FITMT16524, author = "Martin Tekn\H{o}s", type = "Master's thesis", title = "Roz\v{s}\'{i}\v{r}en\'{i} behavior\'{a}ln\'{i} anal\'{y}zy s\'{i}\v{t}ov\'{e} komunikace ur\v{c}en\'{e} pro detekci \'{u}tok\r{u}", school = "Brno University of Technology, Faculty of Information Technology", year = 2015, location = "Brno, CZ", language = "czech", url = "https://www.fit.vut.cz/study/thesis/16524/" }