Thesis Details
Analysis of Backscattered DDoS Traffic in Network Flow Data
This work focuses on the detection of denial of service (DoS) attacks that use random spoofing of the source IP address in attack packets. These attacks generate a side effect in the form of backscatter, which can be used to identify their victims. Backscatter analysis has so far been limited to unused address space ranges referred to as network telescopes. This work therefore proposes a new method of detecting DoS attacks via backscatter outside the network telescope environment, where legitimate user traffic is also present. Furthermore, the proposed approach uses only abstracted traffic in the form of network flows. The presented method was implemented as part of the NEMEA system and tested on a real flow data capture provided by CESNET.
DoS, DDoS, NetFlow, network flow, network telescope, backscatter, machine learning
Drábek Vladimír, doc. Ing., CSc. (DCSY FIT BUT), member
Fučík Otto, doc. Dr. Ing. (DCSY FIT BUT), member
Křivka Zbyněk, Ing., Ph.D. (DIFS FIT BUT), member
Martínek Tomáš, doc. Ing., Ph.D. (DCSY FIT BUT), member
Smrčka Aleš, Ing., Ph.D. (DITS FIT BUT), member
@mastersthesis{FITMT23867,
  author = "Martin Maru\v{s}iak",
  type = "Master's thesis",
  title = "Anal\'{y}za zp\v{e}tn\v{e} rozpt\'{y}len\'{e}ho DDoS provozu v datech o s\'{i}\v{t}ov\'{y}ch toc\'{i}ch",
  school = "Brno University of Technology, Faculty of Information Technology",
  year = 2021,
  location = "Brno, CZ",
  language = "czech",
  url = "https://www.fit.vut.cz/study/thesis/23867/"
}