Thesis Details
Profiling Network Entities to Improve Situational Awareness
Good situational awareness is an important part of computer security. Knowing what is connected to the network, where it is located, and who is communicating can help make better and faster decisions when security incidents occur. This thesis focuses on the profiling of network entities at the device level. More specifically, it focuses on the passive identification of operating systems. Every packet transferred in the network carries specific information in its packet header that reflects the initial settings of the host's operating system. This set of information is called the "fingerprint" of an operating system. The thesis describes an implementation of a machine learning classifier based on the decision tree method, which uses features from TCP and IP headers. The classifier was evaluated on a data set containing data from real network traffic and achieved an accuracy of 96 % when classifying into 9 classes of operating systems.
Situational Awareness, Profiling, operating systems, IP flow, monitoring, operating system identification
Hliněná Dana, doc. RNDr., Ph.D. (DMAT FEEC BUT), member
Kořenek Jan, doc. Ing., Ph.D. (DCSY FIT BUT), member
Křena Bohuslav, Ing., Ph.D. (DITS FIT BUT), member
Szőke Igor, Ing., Ph.D. (DCGM FIT BUT), member
@bachelorsthesis{FITBT24028,
  author = "Ren\'{e} Bolf",
  type = "Bachelor's thesis",
  title = "Profilov\'{a}n\'{i} s\'{i}\v{t}ov\'{y}ch entit pro zlep\v{s}en\'{i} situa\v{c}n\'{i}ho pov\v{e}dom\'{i}",
  school = "Brno University of Technology, Faculty of Information Technology",
  year = 2021,
  location = "Brno, CZ",
  language = "czech",
  url = "https://www.fit.vut.cz/study/thesis/24028/"
}