Thesis Details
Analysis of Network Security Reports (Analýza síťových bezpečnostních hlášení)
The goal of this work is to find groups of IP addresses in network security reports that were detected in the same, or a very similar, time interval. The work introduces an algorithm that transforms the data from the security reports into time series. Similar pairs are then searched for among all the time series. Subsequently, within the found pairs, similar triples are sought, within those similar quadruples, and so on. The created solution successfully found 208 similar groups in the analyzed data set, the largest of which contains 11 similar IP addresses. Based on the groups found, it is possible to detect machines in network security reports that are part of a so-called botnet.
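As an illustration of the approach sketched in the abstract, the following Python is an example added to this page; it is not the thesis's own code. It turns constructed report events into per-IP time series, finds similar pairs, and grows groups from pairs to triples and larger sets. The bucket size (one hour), the binary presence/absence encoding, the use of Hamming distance (one of the page's keywords) and the fixed distance threshold are all assumptions, since the page does not state the thesis's actual parameters.

```python
"""
Added illustration of the group-finding approach from the abstract
(not the thesis's own code).  Assumptions not stated on the page:
1-hour buckets, a binary presence/absence series per IP, Hamming
distance as the similarity measure, and a fixed distance threshold.
"""
from datetime import datetime, timedelta
from itertools import combinations

# Constructed sample report events: (source IP, detection time).
# Documentation-range addresses, not real data.
EVENTS = [
    ("198.51.100.10", "2019-03-01T00:10:00"),
    ("198.51.100.10", "2019-03-01T02:15:00"),
    ("198.51.100.10", "2019-03-01T05:40:00"),
    ("198.51.100.11", "2019-03-01T00:20:00"),
    ("198.51.100.11", "2019-03-01T02:05:00"),
    ("198.51.100.11", "2019-03-01T05:55:00"),
    ("198.51.100.12", "2019-03-01T00:05:00"),
    ("198.51.100.12", "2019-03-01T02:50:00"),
    ("198.51.100.12", "2019-03-01T06:01:00"),  # one bucket off from the others
    ("203.0.113.7", "2019-03-01T01:00:00"),
    ("203.0.113.7", "2019-03-01T04:00:00"),
    ("203.0.113.7", "2019-03-01T07:00:00"),
    ("203.0.113.8", "2019-03-01T03:30:00"),
]

BUCKET = timedelta(hours=1)            # assumed bucket width
WINDOW_START = datetime(2019, 3, 1)    # start of the analysed window
WINDOW_BUCKETS = 8                     # series length in buckets


def build_series(events, start=WINDOW_START, bucket=BUCKET, n=WINDOW_BUCKETS):
    """Map each IP to a 0/1 tuple: 1 if the IP was reported in that bucket."""
    series = {}
    for ip, ts in events:
        idx = (datetime.fromisoformat(ts) - start) // bucket
        if 0 <= idx < n:
            series.setdefault(ip, [0] * n)[idx] = 1
    return {ip: tuple(s) for ip, s in series.items()}


def hamming(a, b):
    """Number of buckets in which two equal-length series differ."""
    return sum(x != y for x, y in zip(a, b))


def find_groups(series, max_dist):
    """Grow groups pair -> triple -> quadruple ... where every member is
    within max_dist of every other member; return only maximal groups."""
    ips = sorted(series)
    close = {(a, b): hamming(series[a], series[b]) <= max_dist
             for a, b in combinations(ips, 2)}

    def similar(a, b):
        return close[(a, b)] if a < b else close[(b, a)]

    level = {frozenset(p) for p, ok in close.items() if ok}   # similar pairs
    found = set(level)
    while level:
        bigger = set()
        for group in level:
            for ip in ips:
                if ip not in group and all(similar(ip, m) for m in group):
                    bigger.add(group | {ip})
        found |= bigger
        level = bigger
    # Drop groups that are proper subsets of a larger group found later.
    maximal = [g for g in found if not any(g < h for h in found)]
    return sorted(maximal, key=lambda g: (-len(g), sorted(g)))


if __name__ == "__main__":
    series = build_series(EVENTS)
    for ip, s in sorted(series.items()):
        print(f"{ip:15s} {''.join(map(str, s))}")
    for group in find_groups(series, max_dist=2):
        print("similar group:", ", ".join(sorted(group)))
```

A group produced this way is a lead for an analyst (hosts reported in lock-step are candidates for shared control), not proof of botnet membership; the threshold and bucket width trade false groupings against missed ones and have to be tuned on real report volumes.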
analysis, network, security report, correlation, vector distance, Hamming distance, time series, Warden
Chudý Peter, doc. Ing., Ph.D. MBA (DCGM FIT BUT), member
Kekely Lukáš, Ing., Ph.D. (DCSY FIT BUT), member
Strnadel Josef, Ing., Ph.D. (DCSY FIT BUT), member
Trchalík Roman, Mgr., Ph.D. (DIFS FIT BUT), member
@bachelorsthesis{FITBT21766,
  author   = "Erik Dobe\v{s}",
  type     = "Bachelor's thesis",
  title    = "Anal\'{y}za s\'{i}\v{t}ov\'{y}ch bezpe\v{c}nostn\'{i}ch hl\'{a}\v{s}en\'{i}",
  school   = "Brno University of Technology, Faculty of Information Technology",
  year     = 2019,
  location = "Brno, CZ",
  language = "czech",
  url      = "https://www.fit.vut.cz/study/thesis/21766/"
}