Thesis Details

Detekce anomálií na základě SNMP komunikace

Bachelor's Thesis
Student: Štěpán Daniel
Academic Year: 2020/2021
Supervisor: Očenášek Pavel, Mgr. Ing., Ph.D.
English title
Anomaly Detection Based on SNMP Communication
Language
Czech
Abstract

The aim of this thesis was to develop a practically applicable set of methods for classification and detection of anomalies in computer network environments. I have created extensions to the network monitoring system in the form of two modules for an open source network monitoring tool based on machine learning. The created modules can learn the characteristics of normal network traffic. The first module, based on the algorithm Random Forest Classifier, detects and is able to classify several known denial-of-service attacks. The second module, based on the algorithm Local Outlier Factor, detects anomalous levels of network traffic. Attacks that the first module is able to classify are the following: TCP SYN flood, UDP flood and ICMP flood. Moreover, it was trained to detect the SSH Bruteforce attacks and the slow and fragmented Slowloris attack. While working on this thesis, I tested the device using the methods mentioned above. The experiments showed that the classification-based module is able to detect known attacks, except for the Slowloris attack, whose characteristics are not very different from normal traffic. The second module successfully detects higher levels of network traffic, but does not perform the classification.

Keywords

network monitoring, LibreNMS, anomaly detection, SNMP, DDoS classification

Department
Degree Programme
Information Technology
Files
Status
defended, grade B
Date
18 June 2021
Reviewer
Committee
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS FIT BUT), chair
Hliněná Dana, doc. RNDr., Ph.D. (DMAT FEEC BUT), member
Kořenek Jan, doc. Ing., Ph.D. (DCSY FIT BUT), member
Křena Bohuslav, Ing., Ph.D. (DITS FIT BUT), member
Szőke Igor, Ing., Ph.D. (DCGM FIT BUT), member
Citation
ŠTĚPÁN, Daniel. Detekce anomálií na základě SNMP komunikace. Brno, 2021. Bachelor's Thesis. Brno University of Technology, Faculty of Information Technology. 2021-06-18. Supervised by Očenášek Pavel. Available from: https://www.fit.vut.cz/study/thesis/23474/
BibTeX
@bachelorsthesis{FITBT23474,
    author = "Daniel \v{S}t\v{e}p\'{a}n",
    type = "Bachelor's thesis",
    title = "Detekce anom\'{a}li\'{i} na z\'{a}klad\v{e} SNMP komunikace",
    school = "Brno University of Technology, Faculty of Information Technology",
    year = 2021,
    location = "Brno, CZ",
    language = "czech",
    url = "https://www.fit.vut.cz/study/thesis/23474/"
}