Author: "Krobot, Pavel" - Searchworks@Jio Institute Digital Library Search Results

Your search keyword '"Krobot, Pavel"' showing total 60 results

Start Over Author "Krobot, Pavel"

60 results on '"Krobot, Pavel"'

1. Low-level mixed-phase clouds at the high Arctic site of Ny-Ålesund: A comprehensive long-term dataset of remote sensing observations

Author: Chellini, Giovanni, primary, Gierens, Rosa, additional, Ebell, Kerstin, additional, Kiszler, Theresa, additional, Krobot, Pavel, additional, Myagkov, Alexander, additional, Schemann, Vera, additional, and Kneifel, Stefan, additional
Published: 2023
Full Text: View/download PDF

2. Low-level mixed-phase clouds at the high Arctic site of Ny-Ålesund: a comprehensive long-term dataset of remote sensing observations.

Author: Chellini, Giovanni, Gierens, Rosa, Ebell, Kerstin, Kiszler, Theresa, Krobot, Pavel, Myagkov, Alexander, Schemann, Vera, and Kneifel, Stefan
Subjects: REMOTE sensing, ICE clouds, ROBUST statistics, MICROWAVE radiometers, MICROWAVE radiometry, RADAR, DOPPLER radar, QUALITY control
Abstract: We present a comprehensive quality-controlled 15-month dataset of remote sensing observations of low-level mixed-phase clouds (LLMPCs) taken at the high Arctic site of Ny-Ålesund, Svalbard, Norway. LLMPCs occur frequently in the Arctic region and extensively affect the energy budget. However, our understanding of the ice microphysical processes taking place in these clouds is incomplete. The dual-wavelength and polarimetric Doppler cloud radar observations, which are the cornerstones of the dataset, provide valuable fingerprints of ice microphysical processes, and the high number of cases included allows for the compiling of robust statistics for process studies. The radar data are complemented with thermodynamic retrievals from a microwave radiometer, liquid base height from a ceilometer, and wind fields from large-eddy simulations. All data are quality controlled, especially the cloud radar data, which are accurately calibrated, matched, and corrected for gas and liquid-hydrometeor attenuation, ground clutter, and range folding. We finally present an analysis of the temperature dependence of Doppler, dual-wavelength, and polarimetric radar variables, to illustrate how the dataset can be used for cloud microphysical studies. The dataset has been published in and is freely available at: 10.5281/zenodo.7803064. [ABSTRACT FROM AUTHOR]
Published: 2023
Full Text: View/download PDF

3. Multi-year precipitation characteristics based on in-situ and remote sensing observations at the Arctic research site Ny-Ålesund, Svalbard

Author: Ebell, Kerstin, primary, Buhren, Christian, additional, Gierens, Rosa, additional, Lauer, Melanie, additional, Chellini, Giovanni, additional, Dahlke, Sandro, additional, and Krobot, Pavel, additional
Published: 2023
Full Text: View/download PDF

4. Sledování historie aktivity IP adres

Author: Bartoš, Václav, Krobot, Pavel, Bartoš, Václav, and Krobot, Pavel
Abstract: Poslední dobou se objem přenášených dat po síti neustále zvyšuje. K urychlení prohledávání dat je potřeba mít způsob jejich vhodné indexace. Tato bakalářská práce se zabývá tímto problémem, konkrétně ukládáním a vyhledáváním dat za účelem zjištění aktivity komunikujících IP adres. Cílem této práce je navrhnout a implementovat systém pro efektivní dlouhodobé ukládání a vizualizaci aktivity IP adres. Aktivitou je myšleno, zda daná adresa generovala provoz v daném intervalu či ne, tedy lze ji reprezentovat jediným bitem, což redukuje objem prohledávaných dat. Výsledný systém se skládá z backendu monitorujícího provoz a ukládajícího záznamy o aktivitě do uložiště a jejich parametry do konfiguračního souboru. Dále obsahuje webový server, který na základě požadavků uživatele data čte a vizualizuje ve formě obrázků. Uživatel může specifikovat oblast dat, kterou chce zkoumat podrobněji, pomocí interaktivního webového rozhraní., The volume of generated network traffic continually grows. In order to query data inside the traffic, an effective system of indexing data is required. This thesis addresses this problem, specifically effectively storing data for a longer period of time and looking up this data representing activity of communicating IP addresses. The aim of this thesis is to design and implement a system that stores and visualizes IP address activity. Activity means whether given address generated traffic during a given interval or not. This information has a binary value and can be represented by one bit, which significantly reduces volume of queried data. The system consists of backend processing incoming flow records and storing address activity to binary storage. Furthermore, it contains a web server which reads stored activity and visualises it in the form of an image based on user's request. The user can specify an area they wish to examine in more detail in the interactive web interface.

5. Automatizované zpracování provozních záznamů v systému BeeeOn

Author: Vampola, Pavel, Krobot, Pavel, Vampola, Pavel, and Krobot, Pavel
Abstract: Práca sa zaoberá spracovaním prevádzkových záznamov zo serverových aplikácií. Architektúra systému bola navrhnutá na základe štúdie dostupných technológií. Implementačná časť popisuje návrh jednotného formátu prevádzkových záznamov a implementáciu logovacej knižnice. Ďalej je popísaná inštalácia nástrojov, ich konfigurácia a nasadenie na server. Výsledkom je systém pre spracovanie prevádzkových záznamov navrhnutý s ohľadom na škálovateľnosť systému do budúcnosti. Systém bol otestovaný a nasadený v rámci fakultného projektu BeeeOn ., The paper concerns with processing of log files from server applications . System architecture is based on study of availible technologies . Firstly , design of unified log format and impelementation of unified logger library is described . Secondly , installation and configuration of used technologies and their integration is described . The result is log processing system designed to be scalable in the future . System was tested and integrated into project BeeeOn .

6. Vyhledávání podobností v síťových datech

Author: Wrona, Jan, Krobot, Pavel, Wrona, Jan, and Krobot, Pavel
Abstract: Tato práce se zabývá analýzou záznamů o IP tocích. Záznam obsahuje metadata o IP toku na dané síti, jako IP adresy, čísla portů, čísla komunikačních protokolů a další. Cílem je návrh a implementace metrik pro určování podobností mezi NetFlow záznamy. V první části práce je popis analýzy velkého množství dat. Dále jsou předvedeny techniky monitorování sítě a technologie NetFlow. Další části práce jsou věnovány návrhu a implementaci analýzy dat pomocí DBSCANu. Součástí práce je implementace aplikace pro analýzu síťových metadat. Výslednou aplikaci je možné použít pro detekci skenování sítě v NetFlow datech, ale výsledky nejsou jednoznačné, zejména obsahují i záznamy, které k útoku nepatří., This bachelor thesis is interested in analyzing IP flow records. IP flow record contains IP flow metadata of specific network communication such as IP addresses, port numbers, network protocol numbers and other. Main goal is to design and implement metrices to determine similarity of NetFlow records. At the beginning of this thesis is description of how to analyze great amount of data. Next there are shown network monitoring technicies and NetFlow. Other parts of this thesis are dedicated to design and implementation of data analysis using DBSCAN algorithm. Implementation of data analysis application is also part of this thesis. As a result, the application can be used to network scan detection using NetFlow data although the results are not very clear and contain a lot of legitimate communication.

7. Sledování historie aktivity IP adres

Author: Bartoš, Václav, Krobot, Pavel, Bartoš, Václav, and Krobot, Pavel
Abstract: Poslední dobou se objem přenášených dat po síti neustále zvyšuje. K urychlení prohledávání dat je potřeba mít způsob jejich vhodné indexace. Tato bakalářská práce se zabývá tímto problémem, konkrétně ukládáním a vyhledáváním dat za účelem zjištění aktivity komunikujících IP adres. Cílem této práce je navrhnout a implementovat systém pro efektivní dlouhodobé ukládání a vizualizaci aktivity IP adres. Aktivitou je myšleno, zda daná adresa generovala provoz v daném intervalu či ne, tedy lze ji reprezentovat jediným bitem, což redukuje objem prohledávaných dat. Výsledný systém se skládá z backendu monitorujícího provoz a ukládajícího záznamy o aktivitě do uložiště a jejich parametry do konfiguračního souboru. Dále obsahuje webový server, který na základě požadavků uživatele data čte a vizualizuje ve formě obrázků. Uživatel může specifikovat oblast dat, kterou chce zkoumat podrobněji, pomocí interaktivního webového rozhraní., The volume of generated network traffic continually grows. In order to query data inside the traffic, an effective system of indexing data is required. This thesis addresses this problem, specifically effectively storing data for a longer period of time and looking up this data representing activity of communicating IP addresses. The aim of this thesis is to design and implement a system that stores and visualizes IP address activity. Activity means whether given address generated traffic during a given interval or not. This information has a binary value and can be represented by one bit, which significantly reduces volume of queried data. The system consists of backend processing incoming flow records and storing address activity to binary storage. Furthermore, it contains a web server which reads stored activity and visualises it in the form of an image based on user's request. The user can specify an area they wish to examine in more detail in the interactive web interface.

8. Automatizované zpracování provozních záznamů v systému BeeeOn

Author: Vampola, Pavel, Krobot, Pavel, Vampola, Pavel, and Krobot, Pavel
Abstract: Práca sa zaoberá spracovaním prevádzkových záznamov zo serverových aplikácií. Architektúra systému bola navrhnutá na základe štúdie dostupných technológií. Implementačná časť popisuje návrh jednotného formátu prevádzkových záznamov a implementáciu logovacej knižnice. Ďalej je popísaná inštalácia nástrojov, ich konfigurácia a nasadenie na server. Výsledkom je systém pre spracovanie prevádzkových záznamov navrhnutý s ohľadom na škálovateľnosť systému do budúcnosti. Systém bol otestovaný a nasadený v rámci fakultného projektu BeeeOn ., The paper concerns with processing of log files from server applications . System architecture is based on study of availible technologies . Firstly , design of unified log format and impelementation of unified logger library is described . Secondly , installation and configuration of used technologies and their integration is described . The result is log processing system designed to be scalable in the future . System was tested and integrated into project BeeeOn .

9. Vyhledávání podobností v síťových datech

Author: Wrona, Jan, Krobot, Pavel, Wrona, Jan, and Krobot, Pavel
Abstract: Tato práce se zabývá analýzou záznamů o IP tocích. Záznam obsahuje metadata o IP toku na dané síti, jako IP adresy, čísla portů, čísla komunikačních protokolů a další. Cílem je návrh a implementace metrik pro určování podobností mezi NetFlow záznamy. V první části práce je popis analýzy velkého množství dat. Dále jsou předvedeny techniky monitorování sítě a technologie NetFlow. Další části práce jsou věnovány návrhu a implementaci analýzy dat pomocí DBSCANu. Součástí práce je implementace aplikace pro analýzu síťových metadat. Výslednou aplikaci je možné použít pro detekci skenování sítě v NetFlow datech, ale výsledky nejsou jednoznačné, zejména obsahují i záznamy, které k útoku nepatří., This bachelor thesis is interested in analyzing IP flow records. IP flow record contains IP flow metadata of specific network communication such as IP addresses, port numbers, network protocol numbers and other. Main goal is to design and implement metrices to determine similarity of NetFlow records. At the beginning of this thesis is description of how to analyze great amount of data. Next there are shown network monitoring technicies and NetFlow. Other parts of this thesis are dedicated to design and implementation of data analysis using DBSCAN algorithm. Implementation of data analysis application is also part of this thesis. As a result, the application can be used to network scan detection using NetFlow data although the results are not very clear and contain a lot of legitimate communication.

10. Detekce spamu pomocí DNS MX záznamů

Author: Kováčik, Michal, Krobot, Pavel, Kováčik, Michal, and Krobot, Pavel
Abstract: Předmětem této práce je detekce stanic v síti rozesílající nevyžádanou poštu pomocí pasivní analýzy zachyceného DNS provozu. Představuje návrh a implementaci systému, který realizuje detekci DNS anomálií na základě vysokého počtu MX dotazů a poměru obdržených NXDomain odpovědí. Systém byl testován na DNS datech získaných z reálného provozu a jeho testováním a analýzou výsledků byla ověřena funkčnost implementovaných detektorů., The aim of this thesis is the detection of malicious spammer hosts based on passive analysis of captured DNS traffic. It represents the design and implementation of a system which proceeds DNS anomaly detection based on high volume of MX query per host and high NXDomain ratio. The system was tested on DNS data obtained from the real traffic and the functionality of implemented detectors was verified by testing and analysis of results.

11. Filtr IP toků

Author: Wrona, Jan, Krobot, Pavel, Wrona, Jan, and Krobot, Pavel
Abstract: Predmetom tejto práce je snaha o zjednotenie filtračných jazykov používaných v kolektore IP tokov a v knižnici pre ich analýzu. Momentálne tieto programy používajú rozdielne filtračné moduly a formáty súborov, z čoho plynú isté nezrovnalosti. Návrh filtra vznikol ako súčasť práce na zlepšení integrácie týchto dvoch programov a to poskytnutím implementácie spoločného filtračného modulu podporujúceho populárny filtračný jazyk. Obsahuje teoretický úvod do monitorovania tokov v sieti, zmieňuje aj algoritmy z prostredia klasifikácie tokov použiteľné pri vyhodnocovaní podmienok nad záznamami. Vlastná práca sa venuje návrhu a implementácii filtračného modulu spolu s adaptérmi k spomínanému kolektoru a knižnici. Záver je venovaný vyhodnoteniu výkonu a funkčnosti filtra., This thesis is focused on unification of filtering languages used by IP flow collecting program and library for their analysis. At the moment these implementations use different filtering modules and file formats. Because of this, inconsistencies in results arise and as a response to this, creation of one filtering module was proposed as part of effort to better integrate collection and analysis of IP flows using these programs. The one filtering module aims to provide one implementation and support for popular filtering language for use in the programs. Thesis contains theoretical introduction to flow monitoring in networks, describes algorithms useful for evaluation of conditions on flow records and packets. The core of authors work is design and implementation of the filtering module and its wrappers for the collector and analysis library. Results of performance tests and evaluation of features can be found in the thesis's conclusion.

12. Detekce spamu pomocí DNS MX záznamů

Author: Kováčik, Michal, Krobot, Pavel, Kováčik, Michal, and Krobot, Pavel
Abstract: Předmětem této práce je detekce stanic v síti rozesílající nevyžádanou poštu pomocí pasivní analýzy zachyceného DNS provozu. Představuje návrh a implementaci systému, který realizuje detekci DNS anomálií na základě vysokého počtu MX dotazů a poměru obdržených NXDomain odpovědí. Systém byl testován na DNS datech získaných z reálného provozu a jeho testováním a analýzou výsledků byla ověřena funkčnost implementovaných detektorů., The aim of this thesis is the detection of malicious spammer hosts based on passive analysis of captured DNS traffic. It represents the design and implementation of a system which proceeds DNS anomaly detection based on high volume of MX query per host and high NXDomain ratio. The system was tested on DNS data obtained from the real traffic and the functionality of implemented detectors was verified by testing and analysis of results.

13. Odvozování pravidel pro mitigaci DDoS

Author: Žádník, Martin, Krobot, Pavel, Žádník, Martin, and Krobot, Pavel
Abstract: Táto práca sa zaoberá monitorovaním sietí pomocou NetFlow dát. Popisuje princípy, na ktorých je založená detekcia bezpečnostných anomálií pomocou IDS systémov. Ďalej popisuje framework Nemea, ktorý slúži na tvorbu modulov schopných detekovat bezpečnostné anomálie na sieti. Následne sa venuje prehľadu jednotlivých útokov kde objasňuje ich špecifické vlastnosti, ako aj možné postupy pri ich analýze. Na základe tejto analýzy je možné vytvoriť sadu mitigačných pravidiel, ktorých aplikáciou môže dôjsť k zmierneniu prebiehajúceho útoku. Na základe získaných poznatkov bol vytvorený návrh systému, ktorý bude schopný vytvárať mitigačné pravidlá automaticky. Pomocou navrhnutej metódy boli vykonané experimenty, pri ktorých metóda označila očakávané množstvo podozrivých dát., This thesis is aimed at monitoring of computer networks using NetFlow data. It describes main aspects of detection network anomalies using IDS systems. Next part describes Nemea framework, which is used for creating modules. These modules are able to detect network incidents and attacks. Following chapters contain a brief overview of common network attacks with their specific remarks which can help in process of their detection. Based on this analysis, the concept of mitigation rules was created. These rules can be used for mitigation of DDoS attack. This method was tested on several data sets and it produced multiple mitigation rules. These rules were applied on data sets and they marked most of the suspicious flows.

14. Detekce tunelování DNS na základě analýzy dat z aplikační vrstvy

Author: Kováčik, Michal, Krobot, Pavel, Kováčik, Michal, and Krobot, Pavel
Abstract: Cieľom práce je návrh detekčného algoritmu na detekciu DNS tunelovania s použitím dát z aplikačnej vrstvy. Samotnému návrhu prechádza prehľad a analýza dostupných tunelovacích nástrojov a ich spoločných znakov. Špecifická pozornosť je venovaná nástroju iodine, s ktorým sú uskutočnené komplexnejšie testy a benchmarky. V závere je implementovaný detekčný algoritmus testovaný na reálnych dátach a sú detailnejšie popísané jeho schopnosti a nedostatky., This bachelor's thesis deals with designing and implementing a detection algorithm for detecting DNS tunnelling using application layer data. The algorithm's design is preceded by overview and analysis of current tunneling tools and their shared characteristics. The tunnelling tool iodine is given extra attention and is used to carry out more complex tests and benchmarks. The thesis concludes by testing the implemented algorithm on real data and highlighting its strengths and shortcomings.

15. Vizualizace síťových bezpečnostních událostí

Author: Krobot, Pavel, Kováčik, Michal, Krobot, Pavel, and Kováčik, Michal
Abstract: Tato práce se zabývá vizualizací síťových bezpečnostních událostí pomocí moderních webových technologií. Byly studovány různé technologie pro tvorbu moderní webové aplikace podporující vizualizaci velkého množství dat. Aplikace vyvinutá v rámci této práce byla navržena pro monitorovací systém NEMEA a umožňuje vizuální analýzu velkého množství bezpečnostních událostí. Vizualizované události navíc umožňují analýzu shora dolů. Aplikace pracuje s daty uloženými v IDEA formátu, který je využíván dalšími službami z oblasti síťové bezpečnosti a aplikace je tím pádem přenositelná i na ně. NEMEA Dashboard byl testován na cílové skupině síťových správců akceptačními testy., This thesis focuses on visualization of network security events via modern web technologies. Multiple technologies for creating modern web application supporting visualising large volume of security events were studied. The application was designed for NEMEA system which thanks to this thesis acquired graphical user interface allowing big data visual analysis. Visualized events allow drill-down analysis. The application operates on security events stored in IDEA format which is used among other network security services and the application is therefore transferrable to them. NEMEA Dashboard has been tested on the target group of network administrators using acceptance tests.

16. Detekce těžení kryptoměn pomocí analýzy dat o IP tocích

Author: Žádník, Martin, Krobot, Pavel, Žádník, Martin, and Krobot, Pavel
Abstract: Táto diplomová práca popisuje obecné informácie o kryptomenách, aké princípy sa využívajú pri tvorbe nových mincí a prečo môže byť ich ťaženie nežiadúce. Ďalej pojednáva o tom, čo je to IP tok a ako funguje monitorovanie sietí pomocou sledovania sieťovej komunikácie na úrovni IP tokov. Popisuje framework Nemea, ktorý slúži na vytváranie komplexných systémov pre detekciu nežiadúcej prevádzky. Vysvetľuje akým spôsobom boli získané dáta zachytávajúce komunikáciu ťaženia kryptomien a následne popisuje analýzu týchto dát. Na základe tejto analýzy je vytvorený návrh pre metódu schopnú detegovať ťaženie kryptomien pomocou záznamov o IP tokoch. Nakoniec táto správa obsahuje vyhodnotenie detekovaných udalostí v rámci rôznych sietí., This master’s thesis describes the general information about cryptocurrencies, what principles are used in the process of creation of new coins and why mining cryptocurrencies can be malicious. Further, it discusses what is an IP flow, and how to monitor networks by monitoring network traffic using IP flows. It describes the Nemea framework that is used to build comprehensive system for detecting malicious traffic. It explains how the network data with communications of the cryptocurrencies mining process were obtained and then provides an analysis of this data. Based on this analysis a proposal is created for methods capable of detecting mining cryptocurrencies by using IP flows records. Finally, proposed detection method was evaluated on various networks and the results are further described.

17. Detekce spamu pomocí DNS MX záznamů

Author: Kováčik, Michal, Krobot, Pavel, Kováčik, Michal, and Krobot, Pavel
Abstract: Předmětem této práce je detekce stanic v síti rozesílající nevyžádanou poštu pomocí pasivní analýzy zachyceného DNS provozu. Představuje návrh a implementaci systému, který realizuje detekci DNS anomálií na základě vysokého počtu MX dotazů a poměru obdržených NXDomain odpovědí. Systém byl testován na DNS datech získaných z reálného provozu a jeho testováním a analýzou výsledků byla ověřena funkčnost implementovaných detektorů., The aim of this thesis is the detection of malicious spammer hosts based on passive analysis of captured DNS traffic. It represents the design and implementation of a system which proceeds DNS anomaly detection based on high volume of MX query per host and high NXDomain ratio. The system was tested on DNS data obtained from the real traffic and the functionality of implemented detectors was verified by testing and analysis of results.

18. Detekce a automatická analýza skenování sítí

Author: Krobot, Pavel, Kováčik, Michal, Krobot, Pavel, and Kováčik, Michal
Abstract: Tato bakalářská práce se věnuje monitorování počítačových sítí s využitím toků. Je zde popsán framework Nemea, který lze využít k sestavení komplexního systému pro detekci síťových útoků a jehož součástí je modul vyvíjený v rámci této práce. Dále je popsána problematika skenování portů a různé metody, jimiž lze porty skenovat. Modul je navržen pro detekci horizontálního skenování. Základní myšlenkou metody je porovnání unikátního počtu cílových IP adres, na nichž se bylo doptáváno na daný port, se zadaným prahem v určitém časovém okně. V praktické části je představena implementace tohoto modulu a jsou prezentovány výsledky experimentů nad reálnými daty ze sítě Cesnet., This bachelor thesis is focused on a computer network monitoring that utilizes flows. Firstly, there is a framework Nemea described, which can be used to build a complex system for network attack detection, and whose module is developed within the thesis. Secondly, port scanning is explained and different methods that can be used to scan ports are defined. The module is designed to detect horizontal scanning. The idea behind this method is to compare a unique number of destination IP addresses, which were asked for with a specific port, with a given threshold in a specific time window. Finally, in the practical part of the thesis the implementation of the module is described and results of the experiments on real data from Cesnet are presented.

19. Filtr IP toků

Author: Wrona, Jan, Krobot, Pavel, Wrona, Jan, and Krobot, Pavel
Abstract: Predmetom tejto práce je snaha o zjednotenie filtračných jazykov používaných v kolektore IP tokov a v knižnici pre ich analýzu. Momentálne tieto programy používajú rozdielne filtračné moduly a formáty súborov, z čoho plynú isté nezrovnalosti. Návrh filtra vznikol ako súčasť práce na zlepšení integrácie týchto dvoch programov a to poskytnutím implementácie spoločného filtračného modulu podporujúceho populárny filtračný jazyk. Obsahuje teoretický úvod do monitorovania tokov v sieti, zmieňuje aj algoritmy z prostredia klasifikácie tokov použiteľné pri vyhodnocovaní podmienok nad záznamami. Vlastná práca sa venuje návrhu a implementácii filtračného modulu spolu s adaptérmi k spomínanému kolektoru a knižnici. Záver je venovaný vyhodnoteniu výkonu a funkčnosti filtra., This thesis is focused on unification of filtering languages used by IP flow collecting program and library for their analysis. At the moment these implementations use different filtering modules and file formats. Because of this, inconsistencies in results arise and as a response to this, creation of one filtering module was proposed as part of effort to better integrate collection and analysis of IP flows using these programs. The one filtering module aims to provide one implementation and support for popular filtering language for use in the programs. Thesis contains theoretical introduction to flow monitoring in networks, describes algorithms useful for evaluation of conditions on flow records and packets. The core of authors work is design and implementation of the filtering module and its wrappers for the collector and analysis library. Results of performance tests and evaluation of features can be found in the thesis's conclusion.

20. Detekce spamu pomocí DNS MX záznamů

Author: Kováčik, Michal, Krobot, Pavel, Kováčik, Michal, and Krobot, Pavel
Abstract: Předmětem této práce je detekce stanic v síti rozesílající nevyžádanou poštu pomocí pasivní analýzy zachyceného DNS provozu. Představuje návrh a implementaci systému, který realizuje detekci DNS anomálií na základě vysokého počtu MX dotazů a poměru obdržených NXDomain odpovědí. Systém byl testován na DNS datech získaných z reálného provozu a jeho testováním a analýzou výsledků byla ověřena funkčnost implementovaných detektorů., The aim of this thesis is the detection of malicious spammer hosts based on passive analysis of captured DNS traffic. It represents the design and implementation of a system which proceeds DNS anomaly detection based on high volume of MX query per host and high NXDomain ratio. The system was tested on DNS data obtained from the real traffic and the functionality of implemented detectors was verified by testing and analysis of results.

21. Detekce tunelování DNS na základě analýzy dat z aplikační vrstvy

Author: Kováčik, Michal, Krobot, Pavel, Kováčik, Michal, and Krobot, Pavel
Abstract: Cieľom práce je návrh detekčného algoritmu na detekciu DNS tunelovania s použitím dát z aplikačnej vrstvy. Samotnému návrhu prechádza prehľad a analýza dostupných tunelovacích nástrojov a ich spoločných znakov. Špecifická pozornosť je venovaná nástroju iodine, s ktorým sú uskutočnené komplexnejšie testy a benchmarky. V závere je implementovaný detekčný algoritmus testovaný na reálnych dátach a sú detailnejšie popísané jeho schopnosti a nedostatky., This bachelor's thesis deals with designing and implementing a detection algorithm for detecting DNS tunnelling using application layer data. The algorithm's design is preceded by overview and analysis of current tunneling tools and their shared characteristics. The tunnelling tool iodine is given extra attention and is used to carry out more complex tests and benchmarks. The thesis concludes by testing the implemented algorithm on real data and highlighting its strengths and shortcomings.

22. Detekce a automatická analýza skenování sítí

Author: Krobot, Pavel, Kováčik, Michal, Krobot, Pavel, and Kováčik, Michal
Abstract: Tato bakalářská práce se věnuje monitorování počítačových sítí s využitím toků. Je zde popsán framework Nemea, který lze využít k sestavení komplexního systému pro detekci síťových útoků a jehož součástí je modul vyvíjený v rámci této práce. Dále je popsána problematika skenování portů a různé metody, jimiž lze porty skenovat. Modul je navržen pro detekci horizontálního skenování. Základní myšlenkou metody je porovnání unikátního počtu cílových IP adres, na nichž se bylo doptáváno na daný port, se zadaným prahem v určitém časovém okně. V praktické části je představena implementace tohoto modulu a jsou prezentovány výsledky experimentů nad reálnými daty ze sítě Cesnet., This bachelor thesis is focused on a computer network monitoring that utilizes flows. Firstly, there is a framework Nemea described, which can be used to build a complex system for network attack detection, and whose module is developed within the thesis. Secondly, port scanning is explained and different methods that can be used to scan ports are defined. The module is designed to detect horizontal scanning. The idea behind this method is to compare a unique number of destination IP addresses, which were asked for with a specific port, with a given threshold in a specific time window. Finally, in the practical part of the thesis the implementation of the module is described and results of the experiments on real data from Cesnet are presented.

23. Vizualizace síťových bezpečnostních událostí

Author: Krobot, Pavel, Kováčik, Michal, Krobot, Pavel, and Kováčik, Michal
Abstract: Tato práce se zabývá vizualizací síťových bezpečnostních událostí pomocí moderních webových technologií. Byly studovány různé technologie pro tvorbu moderní webové aplikace podporující vizualizaci velkého množství dat. Aplikace vyvinutá v rámci této práce byla navržena pro monitorovací systém NEMEA a umožňuje vizuální analýzu velkého množství bezpečnostních událostí. Vizualizované události navíc umožňují analýzu shora dolů. Aplikace pracuje s daty uloženými v IDEA formátu, který je využíván dalšími službami z oblasti síťové bezpečnosti a aplikace je tím pádem přenositelná i na ně. NEMEA Dashboard byl testován na cílové skupině síťových správců akceptačními testy., This thesis focuses on visualization of network security events via modern web technologies. Multiple technologies for creating modern web application supporting visualising large volume of security events were studied. The application was designed for NEMEA system which thanks to this thesis acquired graphical user interface allowing big data visual analysis. Visualized events allow drill-down analysis. The application operates on security events stored in IDEA format which is used among other network security services and the application is therefore transferrable to them. NEMEA Dashboard has been tested on the target group of network administrators using acceptance tests.

24. Automatizované zpracování provozních záznamů v systému BeeeOn

Author: Vampola, Pavel, Krobot, Pavel, Vampola, Pavel, and Krobot, Pavel
Abstract: Práca sa zaoberá spracovaním prevádzkových záznamov zo serverových aplikácií. Architektúra systému bola navrhnutá na základe štúdie dostupných technológií. Implementačná časť popisuje návrh jednotného formátu prevádzkových záznamov a implementáciu logovacej knižnice. Ďalej je popísaná inštalácia nástrojov, ich konfigurácia a nasadenie na server. Výsledkom je systém pre spracovanie prevádzkových záznamov navrhnutý s ohľadom na škálovateľnosť systému do budúcnosti. Systém bol otestovaný a nasadený v rámci fakultného projektu BeeeOn ., The paper concerns with processing of log files from server applications . System architecture is based on study of availible technologies . Firstly , design of unified log format and impelementation of unified logger library is described . Secondly , installation and configuration of used technologies and their integration is described . The result is log processing system designed to be scalable in the future . System was tested and integrated into project BeeeOn .

25. Detekce těžení kryptoměn pomocí analýzy dat o IP tocích

Author: Žádník, Martin, Krobot, Pavel, Žádník, Martin, and Krobot, Pavel
Abstract: Táto diplomová práca popisuje obecné informácie o kryptomenách, aké princípy sa využívajú pri tvorbe nových mincí a prečo môže byť ich ťaženie nežiadúce. Ďalej pojednáva o tom, čo je to IP tok a ako funguje monitorovanie sietí pomocou sledovania sieťovej komunikácie na úrovni IP tokov. Popisuje framework Nemea, ktorý slúži na vytváranie komplexných systémov pre detekciu nežiadúcej prevádzky. Vysvetľuje akým spôsobom boli získané dáta zachytávajúce komunikáciu ťaženia kryptomien a následne popisuje analýzu týchto dát. Na základe tejto analýzy je vytvorený návrh pre metódu schopnú detegovať ťaženie kryptomien pomocou záznamov o IP tokoch. Nakoniec táto správa obsahuje vyhodnotenie detekovaných udalostí v rámci rôznych sietí., This master’s thesis describes the general information about cryptocurrencies, what principles are used in the process of creation of new coins and why mining cryptocurrencies can be malicious. Further, it discusses what is an IP flow, and how to monitor networks by monitoring network traffic using IP flows. It describes the Nemea framework that is used to build comprehensive system for detecting malicious traffic. It explains how the network data with communications of the cryptocurrencies mining process were obtained and then provides an analysis of this data. Based on this analysis a proposal is created for methods capable of detecting mining cryptocurrencies by using IP flows records. Finally, proposed detection method was evaluated on various networks and the results are further described.

26. Vyhledávání podobností v síťových datech

Author: Wrona, Jan, Krobot, Pavel, Wrona, Jan, and Krobot, Pavel
Abstract: Tato práce se zabývá analýzou záznamů o IP tocích. Záznam obsahuje metadata o IP toku na dané síti, jako IP adresy, čísla portů, čísla komunikačních protokolů a další. Cílem je návrh a implementace metrik pro určování podobností mezi NetFlow záznamy. V první části práce je popis analýzy velkého množství dat. Dále jsou předvedeny techniky monitorování sítě a technologie NetFlow. Další části práce jsou věnovány návrhu a implementaci analýzy dat pomocí DBSCANu. Součástí práce je implementace aplikace pro analýzu síťových metadat. Výslednou aplikaci je možné použít pro detekci skenování sítě v NetFlow datech, ale výsledky nejsou jednoznačné, zejména obsahují i záznamy, které k útoku nepatří., This bachelor thesis is interested in analyzing IP flow records. IP flow record contains IP flow metadata of specific network communication such as IP addresses, port numbers, network protocol numbers and other. Main goal is to design and implement metrices to determine similarity of NetFlow records. At the beginning of this thesis is description of how to analyze great amount of data. Next there are shown network monitoring technicies and NetFlow. Other parts of this thesis are dedicated to design and implementation of data analysis using DBSCAN algorithm. Implementation of data analysis application is also part of this thesis. As a result, the application can be used to network scan detection using NetFlow data although the results are not very clear and contain a lot of legitimate communication.

27. Vizualizace síťových bezpečnostních událostí

Author: Krobot, Pavel, Kováčik, Michal, Krobot, Pavel, and Kováčik, Michal
Abstract: Tato práce se zabývá vizualizací síťových bezpečnostních událostí pomocí moderních webových technologií. Byly studovány různé technologie pro tvorbu moderní webové aplikace podporující vizualizaci velkého množství dat. Aplikace vyvinutá v rámci této práce byla navržena pro monitorovací systém NEMEA a umožňuje vizuální analýzu velkého množství bezpečnostních událostí. Vizualizované události navíc umožňují analýzu shora dolů. Aplikace pracuje s daty uloženými v IDEA formátu, který je využíván dalšími službami z oblasti síťové bezpečnosti a aplikace je tím pádem přenositelná i na ně. NEMEA Dashboard byl testován na cílové skupině síťových správců akceptačními testy., This thesis focuses on visualization of network security events via modern web technologies. Multiple technologies for creating modern web application supporting visualising large volume of security events were studied. The application was designed for NEMEA system which thanks to this thesis acquired graphical user interface allowing big data visual analysis. Visualized events allow drill-down analysis. The application operates on security events stored in IDEA format which is used among other network security services and the application is therefore transferrable to them. NEMEA Dashboard has been tested on the target group of network administrators using acceptance tests.

28. Detekce tunelování DNS na základě analýzy dat z aplikační vrstvy

Author: Kováčik, Michal, Krobot, Pavel, Kováčik, Michal, and Krobot, Pavel
Abstract: Cieľom práce je návrh detekčného algoritmu na detekciu DNS tunelovania s použitím dát z aplikačnej vrstvy. Samotnému návrhu prechádza prehľad a analýza dostupných tunelovacích nástrojov a ich spoločných znakov. Špecifická pozornosť je venovaná nástroju iodine, s ktorým sú uskutočnené komplexnejšie testy a benchmarky. V závere je implementovaný detekčný algoritmus testovaný na reálnych dátach a sú detailnejšie popísané jeho schopnosti a nedostatky., This bachelor's thesis deals with designing and implementing a detection algorithm for detecting DNS tunnelling using application layer data. The algorithm's design is preceded by overview and analysis of current tunneling tools and their shared characteristics. The tunnelling tool iodine is given extra attention and is used to carry out more complex tests and benchmarks. The thesis concludes by testing the implemented algorithm on real data and highlighting its strengths and shortcomings.

29. Detekce a automatická analýza skenování sítí

Author: Krobot, Pavel, Kováčik, Michal, Krobot, Pavel, and Kováčik, Michal
Abstract: Tato bakalářská práce se věnuje monitorování počítačových sítí s využitím toků. Je zde popsán framework Nemea, který lze využít k sestavení komplexního systému pro detekci síťových útoků a jehož součástí je modul vyvíjený v rámci této práce. Dále je popsána problematika skenování portů a různé metody, jimiž lze porty skenovat. Modul je navržen pro detekci horizontálního skenování. Základní myšlenkou metody je porovnání unikátního počtu cílových IP adres, na nichž se bylo doptáváno na daný port, se zadaným prahem v určitém časovém okně. V praktické části je představena implementace tohoto modulu a jsou prezentovány výsledky experimentů nad reálnými daty ze sítě Cesnet., This bachelor thesis is focused on a computer network monitoring that utilizes flows. Firstly, there is a framework Nemea described, which can be used to build a complex system for network attack detection, and whose module is developed within the thesis. Secondly, port scanning is explained and different methods that can be used to scan ports are defined. The module is designed to detect horizontal scanning. The idea behind this method is to compare a unique number of destination IP addresses, which were asked for with a specific port, with a given threshold in a specific time window. Finally, in the practical part of the thesis the implementation of the module is described and results of the experiments on real data from Cesnet are presented.

30. Automatizované zpracování provozních záznamů v systému BeeeOn

Author: Vampola, Pavel, Krobot, Pavel, Vampola, Pavel, and Krobot, Pavel
Abstract: Práca sa zaoberá spracovaním prevádzkových záznamov zo serverových aplikácií. Architektúra systému bola navrhnutá na základe štúdie dostupných technológií. Implementačná časť popisuje návrh jednotného formátu prevádzkových záznamov a implementáciu logovacej knižnice. Ďalej je popísaná inštalácia nástrojov, ich konfigurácia a nasadenie na server. Výsledkom je systém pre spracovanie prevádzkových záznamov navrhnutý s ohľadom na škálovateľnosť systému do budúcnosti. Systém bol otestovaný a nasadený v rámci fakultného projektu BeeeOn ., The paper concerns with processing of log files from server applications . System architecture is based on study of availible technologies . Firstly , design of unified log format and impelementation of unified logger library is described . Secondly , installation and configuration of used technologies and their integration is described . The result is log processing system designed to be scalable in the future . System was tested and integrated into project BeeeOn .

31. Sledování historie aktivity IP adres

Author: Bartoš, Václav, Krobot, Pavel, Bartoš, Václav, and Krobot, Pavel
Abstract: Poslední dobou se objem přenášených dat po síti neustále zvyšuje. K urychlení prohledávání dat je potřeba mít způsob jejich vhodné indexace. Tato bakalářská práce se zabývá tímto problémem, konkrétně ukládáním a vyhledáváním dat za účelem zjištění aktivity komunikujících IP adres. Cílem této práce je navrhnout a implementovat systém pro efektivní dlouhodobé ukládání a vizualizaci aktivity IP adres. Aktivitou je myšleno, zda daná adresa generovala provoz v daném intervalu či ne, tedy lze ji reprezentovat jediným bitem, což redukuje objem prohledávaných dat. Výsledný systém se skládá z backendu monitorujícího provoz a ukládajícího záznamy o aktivitě do uložiště a jejich parametry do konfiguračního souboru. Dále obsahuje webový server, který na základě požadavků uživatele data čte a vizualizuje ve formě obrázků. Uživatel může specifikovat oblast dat, kterou chce zkoumat podrobněji, pomocí interaktivního webového rozhraní., The volume of generated network traffic continually grows. In order to query data inside the traffic, an effective system of indexing data is required. This thesis addresses this problem, specifically effectively storing data for a longer period of time and looking up this data representing activity of communicating IP addresses. The aim of this thesis is to design and implement a system that stores and visualizes IP address activity. Activity means whether given address generated traffic during a given interval or not. This information has a binary value and can be represented by one bit, which significantly reduces volume of queried data. The system consists of backend processing incoming flow records and storing address activity to binary storage. Furthermore, it contains a web server which reads stored activity and visualises it in the form of an image based on user's request. The user can specify an area they wish to examine in more detail in the interactive web interface.

32. Odvozování pravidel pro mitigaci DDoS

Author: Žádník, Martin, Krobot, Pavel, Žádník, Martin, and Krobot, Pavel
Abstract: Táto práca sa zaoberá monitorovaním sietí pomocou NetFlow dát. Popisuje princípy, na ktorých je založená detekcia bezpečnostných anomálií pomocou IDS systémov. Ďalej popisuje framework Nemea, ktorý slúži na tvorbu modulov schopných detekovat bezpečnostné anomálie na sieti. Následne sa venuje prehľadu jednotlivých útokov kde objasňuje ich špecifické vlastnosti, ako aj možné postupy pri ich analýze. Na základe tejto analýzy je možné vytvoriť sadu mitigačných pravidiel, ktorých aplikáciou môže dôjsť k zmierneniu prebiehajúceho útoku. Na základe získaných poznatkov bol vytvorený návrh systému, ktorý bude schopný vytvárať mitigačné pravidlá automaticky. Pomocou navrhnutej metódy boli vykonané experimenty, pri ktorých metóda označila očakávané množstvo podozrivých dát., This thesis is aimed at monitoring of computer networks using NetFlow data. It describes main aspects of detection network anomalies using IDS systems. Next part describes Nemea framework, which is used for creating modules. These modules are able to detect network incidents and attacks. Following chapters contain a brief overview of common network attacks with their specific remarks which can help in process of their detection. Based on this analysis, the concept of mitigation rules was created. These rules can be used for mitigation of DDoS attack. This method was tested on several data sets and it produced multiple mitigation rules. These rules were applied on data sets and they marked most of the suspicious flows.

33. Vizualizace síťových bezpečnostních událostí

Author: Krobot, Pavel, Kováčik, Michal, Krobot, Pavel, and Kováčik, Michal
Abstract: Tato práce se zabývá vizualizací síťových bezpečnostních událostí pomocí moderních webových technologií. Byly studovány různé technologie pro tvorbu moderní webové aplikace podporující vizualizaci velkého množství dat. Aplikace vyvinutá v rámci této práce byla navržena pro monitorovací systém NEMEA a umožňuje vizuální analýzu velkého množství bezpečnostních událostí. Vizualizované události navíc umožňují analýzu shora dolů. Aplikace pracuje s daty uloženými v IDEA formátu, který je využíván dalšími službami z oblasti síťové bezpečnosti a aplikace je tím pádem přenositelná i na ně. NEMEA Dashboard byl testován na cílové skupině síťových správců akceptačními testy., This thesis focuses on visualization of network security events via modern web technologies. Multiple technologies for creating modern web application supporting visualising large volume of security events were studied. The application was designed for NEMEA system which thanks to this thesis acquired graphical user interface allowing big data visual analysis. Visualized events allow drill-down analysis. The application operates on security events stored in IDEA format which is used among other network security services and the application is therefore transferrable to them. NEMEA Dashboard has been tested on the target group of network administrators using acceptance tests.

34. Detekce a automatická analýza skenování sítí

Author: Krobot, Pavel, Kováčik, Michal, Krobot, Pavel, and Kováčik, Michal
Abstract: Tato bakalářská práce se věnuje monitorování počítačových sítí s využitím toků. Je zde popsán framework Nemea, který lze využít k sestavení komplexního systému pro detekci síťových útoků a jehož součástí je modul vyvíjený v rámci této práce. Dále je popsána problematika skenování portů a různé metody, jimiž lze porty skenovat. Modul je navržen pro detekci horizontálního skenování. Základní myšlenkou metody je porovnání unikátního počtu cílových IP adres, na nichž se bylo doptáváno na daný port, se zadaným prahem v určitém časovém okně. V praktické části je představena implementace tohoto modulu a jsou prezentovány výsledky experimentů nad reálnými daty ze sítě Cesnet., This bachelor thesis is focused on a computer network monitoring that utilizes flows. Firstly, there is a framework Nemea described, which can be used to build a complex system for network attack detection, and whose module is developed within the thesis. Secondly, port scanning is explained and different methods that can be used to scan ports are defined. The module is designed to detect horizontal scanning. The idea behind this method is to compare a unique number of destination IP addresses, which were asked for with a specific port, with a given threshold in a specific time window. Finally, in the practical part of the thesis the implementation of the module is described and results of the experiments on real data from Cesnet are presented.

35. Sledování historie aktivity IP adres

Author: Bartoš, Václav, Krobot, Pavel, Bartoš, Václav, and Krobot, Pavel
Abstract: Poslední dobou se objem přenášených dat po síti neustále zvyšuje. K urychlení prohledávání dat je potřeba mít způsob jejich vhodné indexace. Tato bakalářská práce se zabývá tímto problémem, konkrétně ukládáním a vyhledáváním dat za účelem zjištění aktivity komunikujících IP adres. Cílem této práce je navrhnout a implementovat systém pro efektivní dlouhodobé ukládání a vizualizaci aktivity IP adres. Aktivitou je myšleno, zda daná adresa generovala provoz v daném intervalu či ne, tedy lze ji reprezentovat jediným bitem, což redukuje objem prohledávaných dat. Výsledný systém se skládá z backendu monitorujícího provoz a ukládajícího záznamy o aktivitě do uložiště a jejich parametry do konfiguračního souboru. Dále obsahuje webový server, který na základě požadavků uživatele data čte a vizualizuje ve formě obrázků. Uživatel může specifikovat oblast dat, kterou chce zkoumat podrobněji, pomocí interaktivního webového rozhraní., The volume of generated network traffic continually grows. In order to query data inside the traffic, an effective system of indexing data is required. This thesis addresses this problem, specifically effectively storing data for a longer period of time and looking up this data representing activity of communicating IP addresses. The aim of this thesis is to design and implement a system that stores and visualizes IP address activity. Activity means whether given address generated traffic during a given interval or not. This information has a binary value and can be represented by one bit, which significantly reduces volume of queried data. The system consists of backend processing incoming flow records and storing address activity to binary storage. Furthermore, it contains a web server which reads stored activity and visualises it in the form of an image based on user's request. The user can specify an area they wish to examine in more detail in the interactive web interface.

36. Detekce tunelování DNS na základě analýzy dat z aplikační vrstvy

Author: Kováčik, Michal, Krobot, Pavel, Kováčik, Michal, and Krobot, Pavel
Abstract: Cieľom práce je návrh detekčného algoritmu na detekciu DNS tunelovania s použitím dát z aplikačnej vrstvy. Samotnému návrhu prechádza prehľad a analýza dostupných tunelovacích nástrojov a ich spoločných znakov. Špecifická pozornosť je venovaná nástroju iodine, s ktorým sú uskutočnené komplexnejšie testy a benchmarky. V závere je implementovaný detekčný algoritmus testovaný na reálnych dátach a sú detailnejšie popísané jeho schopnosti a nedostatky., This bachelor's thesis deals with designing and implementing a detection algorithm for detecting DNS tunnelling using application layer data. The algorithm's design is preceded by overview and analysis of current tunneling tools and their shared characteristics. The tunnelling tool iodine is given extra attention and is used to carry out more complex tests and benchmarks. The thesis concludes by testing the implemented algorithm on real data and highlighting its strengths and shortcomings.

37. Filtr IP toků

Author: Wrona, Jan, Krobot, Pavel, Wrona, Jan, and Krobot, Pavel
Abstract: Predmetom tejto práce je snaha o zjednotenie filtračných jazykov používaných v kolektore IP tokov a v knižnici pre ich analýzu. Momentálne tieto programy používajú rozdielne filtračné moduly a formáty súborov, z čoho plynú isté nezrovnalosti. Návrh filtra vznikol ako súčasť práce na zlepšení integrácie týchto dvoch programov a to poskytnutím implementácie spoločného filtračného modulu podporujúceho populárny filtračný jazyk. Obsahuje teoretický úvod do monitorovania tokov v sieti, zmieňuje aj algoritmy z prostredia klasifikácie tokov použiteľné pri vyhodnocovaní podmienok nad záznamami. Vlastná práca sa venuje návrhu a implementácii filtračného modulu spolu s adaptérmi k spomínanému kolektoru a knižnici. Záver je venovaný vyhodnoteniu výkonu a funkčnosti filtra., This thesis is focused on unification of filtering languages used by IP flow collecting program and library for their analysis. At the moment these implementations use different filtering modules and file formats. Because of this, inconsistencies in results arise and as a response to this, creation of one filtering module was proposed as part of effort to better integrate collection and analysis of IP flows using these programs. The one filtering module aims to provide one implementation and support for popular filtering language for use in the programs. Thesis contains theoretical introduction to flow monitoring in networks, describes algorithms useful for evaluation of conditions on flow records and packets. The core of authors work is design and implementation of the filtering module and its wrappers for the collector and analysis library. Results of performance tests and evaluation of features can be found in the thesis's conclusion.

38. Detekce těžení kryptoměn pomocí analýzy dat o IP tocích

Author: Žádník, Martin, Krobot, Pavel, Žádník, Martin, and Krobot, Pavel
Abstract: Táto diplomová práca popisuje obecné informácie o kryptomenách, aké princípy sa využívajú pri tvorbe nových mincí a prečo môže byť ich ťaženie nežiadúce. Ďalej pojednáva o tom, čo je to IP tok a ako funguje monitorovanie sietí pomocou sledovania sieťovej komunikácie na úrovni IP tokov. Popisuje framework Nemea, ktorý slúži na vytváranie komplexných systémov pre detekciu nežiadúcej prevádzky. Vysvetľuje akým spôsobom boli získané dáta zachytávajúce komunikáciu ťaženia kryptomien a následne popisuje analýzu týchto dát. Na základe tejto analýzy je vytvorený návrh pre metódu schopnú detegovať ťaženie kryptomien pomocou záznamov o IP tokoch. Nakoniec táto správa obsahuje vyhodnotenie detekovaných udalostí v rámci rôznych sietí., This master’s thesis describes the general information about cryptocurrencies, what principles are used in the process of creation of new coins and why mining cryptocurrencies can be malicious. Further, it discusses what is an IP flow, and how to monitor networks by monitoring network traffic using IP flows. It describes the Nemea framework that is used to build comprehensive system for detecting malicious traffic. It explains how the network data with communications of the cryptocurrencies mining process were obtained and then provides an analysis of this data. Based on this analysis a proposal is created for methods capable of detecting mining cryptocurrencies by using IP flows records. Finally, proposed detection method was evaluated on various networks and the results are further described.

39. Odvozování pravidel pro mitigaci DDoS

Author: Žádník, Martin, Krobot, Pavel, Žádník, Martin, and Krobot, Pavel
Abstract: Táto práca sa zaoberá monitorovaním sietí pomocou NetFlow dát. Popisuje princípy, na ktorých je založená detekcia bezpečnostných anomálií pomocou IDS systémov. Ďalej popisuje framework Nemea, ktorý slúži na tvorbu modulov schopných detekovat bezpečnostné anomálie na sieti. Následne sa venuje prehľadu jednotlivých útokov kde objasňuje ich špecifické vlastnosti, ako aj možné postupy pri ich analýze. Na základe tejto analýzy je možné vytvoriť sadu mitigačných pravidiel, ktorých aplikáciou môže dôjsť k zmierneniu prebiehajúceho útoku. Na základe získaných poznatkov bol vytvorený návrh systému, ktorý bude schopný vytvárať mitigačné pravidlá automaticky. Pomocou navrhnutej metódy boli vykonané experimenty, pri ktorých metóda označila očakávané množstvo podozrivých dát., This thesis is aimed at monitoring of computer networks using NetFlow data. It describes main aspects of detection network anomalies using IDS systems. Next part describes Nemea framework, which is used for creating modules. These modules are able to detect network incidents and attacks. Following chapters contain a brief overview of common network attacks with their specific remarks which can help in process of their detection. Based on this analysis, the concept of mitigation rules was created. These rules can be used for mitigation of DDoS attack. This method was tested on several data sets and it produced multiple mitigation rules. These rules were applied on data sets and they marked most of the suspicious flows.

40. Filtr IP toků

Author: Wrona, Jan, Krobot, Pavel, Štoffa, Imrich, Wrona, Jan, Krobot, Pavel, and Štoffa, Imrich
Abstract: Predmetom tejto práce je snaha o zjednotenie filtračných jazykov používaných v kolektore IP tokov a v knižnici pre ich analýzu. Momentálne tieto programy používajú rozdielne filtračné moduly a formáty súborov, z čoho plynú isté nezrovnalosti. Návrh filtra vznikol ako súčasť práce na zlepšení integrácie týchto dvoch programov a to poskytnutím implementácie spoločného filtračného modulu podporujúceho populárny filtračný jazyk. Obsahuje teoretický úvod do monitorovania tokov v sieti, zmieňuje aj algoritmy z prostredia klasifikácie tokov použiteľné pri vyhodnocovaní podmienok nad záznamami. Vlastná práca sa venuje návrhu a implementácii filtračného modulu spolu s adaptérmi k spomínanému kolektoru a knižnici. Záver je venovaný vyhodnoteniu výkonu a funkčnosti filtra., This thesis is focused on unification of filtering languages used by IP flow collecting program and library for their analysis. At the moment these implementations use different filtering modules and file formats. Because of this, inconsistencies in results arise and as a response to this, creation of one filtering module was proposed as part of effort to better integrate collection and analysis of IP flows using these programs. The one filtering module aims to provide one implementation and support for popular filtering language for use in the programs. Thesis contains theoretical introduction to flow monitoring in networks, describes algorithms useful for evaluation of conditions on flow records and packets. The core of authors work is design and implementation of the filtering module and its wrappers for the collector and analysis library. Results of performance tests and evaluation of features can be found in the thesis's conclusion.

41. Vyhledávání podobností v síťových datech

Author: Wrona, Jan, Krobot, Pavel, Hud, Jakub, Wrona, Jan, Krobot, Pavel, and Hud, Jakub
Abstract: Tato práce se zabývá analýzou záznamů o IP tocích. Záznam obsahuje metadata o IP toku na dané síti, jako IP adresy, čísla portů, čísla komunikačních protokolů a další. Cílem je návrh a implementace metrik pro určování podobností mezi NetFlow záznamy. V první části práce je popis analýzy velkého množství dat. Dále jsou předvedeny techniky monitorování sítě a technologie NetFlow. Další části práce jsou věnovány návrhu a implementaci analýzy dat pomocí DBSCANu. Součástí práce je implementace aplikace pro analýzu síťových metadat. Výslednou aplikaci je možné použít pro detekci skenování sítě v NetFlow datech, ale výsledky nejsou jednoznačné, zejména obsahují i záznamy, které k útoku nepatří., This bachelor thesis is interested in analyzing IP flow records. IP flow record contains IP flow metadata of specific network communication such as IP addresses, port numbers, network protocol numbers and other. Main goal is to design and implement metrices to determine similarity of NetFlow records. At the beginning of this thesis is description of how to analyze great amount of data. Next there are shown network monitoring technicies and NetFlow. Other parts of this thesis are dedicated to design and implementation of data analysis using DBSCAN algorithm. Implementation of data analysis application is also part of this thesis. As a result, the application can be used to network scan detection using NetFlow data although the results are not very clear and contain a lot of legitimate communication.

42. Automatizované zpracování provozních záznamů v systému BeeeOn

Author: Vampola, Pavel, Krobot, Pavel, Beňo, Marek, Vampola, Pavel, Krobot, Pavel, and Beňo, Marek
Abstract: Práca sa zaoberá spracovaním prevádzkových záznamov zo serverových aplikácií. Architektúra systému bola navrhnutá na základe štúdie dostupných technológií. Implementačná časť popisuje návrh jednotného formátu prevádzkových záznamov a implementáciu logovacej knižnice. Ďalej je popísaná inštalácia nástrojov, ich konfigurácia a nasadenie na server. Výsledkom je systém pre spracovanie prevádzkových záznamov navrhnutý s ohľadom na škálovateľnosť systému do budúcnosti. Systém bol otestovaný a nasadený v rámci fakultného projektu BeeeOn ., The paper concerns with processing of log files from server applications . System architecture is based on study of availible technologies . Firstly , design of unified log format and impelementation of unified logger library is described . Secondly , installation and configuration of used technologies and their integration is described . The result is log processing system designed to be scalable in the future . System was tested and integrated into project BeeeOn .

43. Detekce síťových anomálií založená na PCA

Author: Bartoš, Václav, Kováčik, Michal, Krobot, Pavel, Bartoš, Václav, Kováčik, Michal, and Krobot, Pavel
Abstract: Tato práce se zabývá detekcí anomálií v počítačových sítích. Konkrétní metoda, jež bude dále popsána, je založena na analýze hlavních komponent. V rámci této práce byl studován původní návrh této metody a jeho další dvě rozšíření. Základní verze a poslední rozšíření pak byly implementovány společně s jedním dalším malým rozšířením, které bylo navrženo v rámci této práce. Nad výslednou implementací byla následně provedena série testů. Tyto testy přinesly dva hlavní poznatky. První z nich poukazuje na možnou použitelnost analýzy hlavních komponent pro detekci anomálií v síťovém provozu. Druhý pak poznamenává, že přestože se metoda v jistých ohledech ukázala jako funkční, je ještě nedokonalá a je potřeba dalšího výzkumu pro její vylepšení., This thesis deals with subject of network anomaly detection. The method, which will be described in this thesis, is based on principal component analysis. Within the scope of this thesis original design of this method was studied. Another two extensions of this basic method was studied too. Basic version and last extension was implemented with one little additional extension. This one was designed in this thesis. There were series of tests made above this implementation, which provided two findings. First, it shows that principal component analysis could be used for network anomaly detection. Second, even though the proposed method seems to be functional for network anomaly detection, it is still not perfect and additional research is needed to improve this method.

44. Sledování historie aktivity IP adres

Author: Bartoš, Václav, Krobot, Pavel, Pilátová, Kateřina, Bartoš, Václav, Krobot, Pavel, and Pilátová, Kateřina
Abstract: Poslední dobou se objem přenášených dat po síti neustále zvyšuje. K urychlení prohledávání dat je potřeba mít způsob jejich vhodné indexace. Tato bakalářská práce se zabývá tímto problémem, konkrétně ukládáním a vyhledáváním dat za účelem zjištění aktivity komunikujících IP adres. Cílem této práce je navrhnout a implementovat systém pro efektivní dlouhodobé ukládání a vizualizaci aktivity IP adres. Aktivitou je myšleno, zda daná adresa generovala provoz v daném intervalu či ne, tedy lze ji reprezentovat jediným bitem, což redukuje objem prohledávaných dat. Výsledný systém se skládá z backendu monitorujícího provoz a ukládajícího záznamy o aktivitě do uložiště a jejich parametry do konfiguračního souboru. Dále obsahuje webový server, který na základě požadavků uživatele data čte a vizualizuje ve formě obrázků. Uživatel může specifikovat oblast dat, kterou chce zkoumat podrobněji, pomocí interaktivního webového rozhraní., The volume of generated network traffic continually grows. In order to query data inside the traffic, an effective system of indexing data is required. This thesis addresses this problem, specifically effectively storing data for a longer period of time and looking up this data representing activity of communicating IP addresses. The aim of this thesis is to design and implement a system that stores and visualizes IP address activity. Activity means whether given address generated traffic during a given interval or not. This information has a binary value and can be represented by one bit, which significantly reduces volume of queried data. The system consists of backend processing incoming flow records and storing address activity to binary storage. Furthermore, it contains a web server which reads stored activity and visualises it in the form of an image based on user's request. The user can specify an area they wish to examine in more detail in the interactive web interface.

45. Detekce spamu pomocí DNS MX záznamů

Author: Kováčik, Michal, Krobot, Pavel, Plotěný, Ondřej, Kováčik, Michal, Krobot, Pavel, and Plotěný, Ondřej
Abstract: Předmětem této práce je detekce stanic v síti rozesílající nevyžádanou poštu pomocí pasivní analýzy zachyceného DNS provozu. Představuje návrh a implementaci systému, který realizuje detekci DNS anomálií na základě vysokého počtu MX dotazů a poměru obdržených NXDomain odpovědí. Systém byl testován na DNS datech získaných z reálného provozu a jeho testováním a analýzou výsledků byla ověřena funkčnost implementovaných detektorů., The aim of this thesis is the detection of malicious spammer hosts based on passive analysis of captured DNS traffic. It represents the design and implementation of a system which proceeds DNS anomaly detection based on high volume of MX query per host and high NXDomain ratio. The system was tested on DNS data obtained from the real traffic and the functionality of implemented detectors was verified by testing and analysis of results.

46. Detekce tunelování DNS na základě analýzy dat z aplikační vrstvy

Author: Kováčik, Michal, Krobot, Pavel, Koutenský, Michal, Kováčik, Michal, Krobot, Pavel, and Koutenský, Michal
Abstract: Cieľom práce je návrh detekčného algoritmu na detekciu DNS tunelovania s použitím dát z aplikačnej vrstvy. Samotnému návrhu prechádza prehľad a analýza dostupných tunelovacích nástrojov a ich spoločných znakov. Špecifická pozornosť je venovaná nástroju iodine, s ktorým sú uskutočnené komplexnejšie testy a benchmarky. V závere je implementovaný detekčný algoritmus testovaný na reálnych dátach a sú detailnejšie popísané jeho schopnosti a nedostatky., This bachelor's thesis deals with designing and implementing a detection algorithm for detecting DNS tunnelling using application layer data. The algorithm's design is preceded by overview and analysis of current tunneling tools and their shared characteristics. The tunnelling tool iodine is given extra attention and is used to carry out more complex tests and benchmarks. The thesis concludes by testing the implemented algorithm on real data and highlighting its strengths and shortcomings.

47. Detekce a automatická analýza skenování sítí

Author: Krobot, Pavel, Kováčik, Michal, Procházka, Aleš, Krobot, Pavel, Kováčik, Michal, and Procházka, Aleš
Abstract: Tato bakalářská práce se věnuje monitorování počítačových sítí s využitím toků. Je zde popsán framework Nemea, který lze využít k sestavení komplexního systému pro detekci síťových útoků a jehož součástí je modul vyvíjený v rámci této práce. Dále je popsána problematika skenování portů a různé metody, jimiž lze porty skenovat. Modul je navržen pro detekci horizontálního skenování. Základní myšlenkou metody je porovnání unikátního počtu cílových IP adres, na nichž se bylo doptáváno na daný port, se zadaným prahem v určitém časovém okně. V praktické části je představena implementace tohoto modulu a jsou prezentovány výsledky experimentů nad reálnými daty ze sítě Cesnet., This bachelor thesis is focused on a computer network monitoring that utilizes flows. Firstly, there is a framework Nemea described, which can be used to build a complex system for network attack detection, and whose module is developed within the thesis. Secondly, port scanning is explained and different methods that can be used to scan ports are defined. The module is designed to detect horizontal scanning. The idea behind this method is to compare a unique number of destination IP addresses, which were asked for with a specific port, with a given threshold in a specific time window. Finally, in the practical part of the thesis the implementation of the module is described and results of the experiments on real data from Cesnet are presented.

48. Vizualizace síťových bezpečnostních událostí

Author: Krobot, Pavel, Kováčik, Michal, Stehlík, Petr, Krobot, Pavel, Kováčik, Michal, and Stehlík, Petr
Abstract: Tato práce se zabývá vizualizací síťových bezpečnostních událostí pomocí moderních webových technologií. Byly studovány různé technologie pro tvorbu moderní webové aplikace podporující vizualizaci velkého množství dat. Aplikace vyvinutá v rámci této práce byla navržena pro monitorovací systém NEMEA a umožňuje vizuální analýzu velkého množství bezpečnostních událostí. Vizualizované události navíc umožňují analýzu shora dolů. Aplikace pracuje s daty uloženými v IDEA formátu, který je využíván dalšími službami z oblasti síťové bezpečnosti a aplikace je tím pádem přenositelná i na ně. NEMEA Dashboard byl testován na cílové skupině síťových správců akceptačními testy., This thesis focuses on visualization of network security events via modern web technologies. Multiple technologies for creating modern web application supporting visualising large volume of security events were studied. The application was designed for NEMEA system which thanks to this thesis acquired graphical user interface allowing big data visual analysis. Visualized events allow drill-down analysis. The application operates on security events stored in IDEA format which is used among other network security services and the application is therefore transferrable to them. NEMEA Dashboard has been tested on the target group of network administrators using acceptance tests.

49. Distribuované zpracování dat o IP tocích

Author: Žádník, Martin, Kořenek, Jan, Krobot, Pavel, Žádník, Martin, Kořenek, Jan, and Krobot, Pavel
Abstract: Tato práce se zabývá distribuovaným zpracování dat o IP tocích. Konkrétně je pak hlavním cílem poskytnutí řešení softwarového kolektoru, který bude umoţňovat zpracování a ukládání masivního objemu dat. V rámci této práce je zkoumána volně dostupná implementace rámce pro distribuované ukládání a výpočty nad daty Hadoop, která vyuţívá modelu MapReduce. Nad tímto systémem byly následně provedeny experimenty, jejichţ smyslem bylo získat představu o výkonnosti tohoto řešení oproti řešením stávajícím a odhalit slabiny systému. Na základě získaných poznatků byla pak vytvořena specifikace a návrh rozšíření stávajícího softwarového kolektoru. Dle vytvořeného návrhu následně vznikla implementace dotazovací části navrhovaného kolektoru, která se při distribuovaném zpracování dat o IP tocích jeví jako nejvíce kritická. Výsledky experimentů s touto implementací ukázaly výrazné zvýšení výkonu při dotazování a schopnost lineární škálovatelnosti na některých typech dotazů., This thesis deals with the subject of distributed processing of IP flow. Main goal is to provide an implementation of a software collector which allows storing and processing huge amount of a network data in particular. There was studied an open-source implementation of a framework for the distributed processing of large data sets called Hadoop, which is based on MapReduce paradigm. There were made some experiments with this system which provided the comparison with the current systems and shown weaknesses of this framework. Based on this knowledge there was created a specification and scheme for an extension of current software collector within this work. In terms of the created scheme there was created an implementation of query framework for formed collector, which is considered as most critical in the field of distributed processing of IP flow data. Results of experiments with created implementation show significant performance growth and ability of linear scalability with some types of queries.

50. Detekce těžení kryptoměn pomocí analýzy dat o IP tocích

Author: Žádník, Martin, Krobot, Pavel, Šabík, Erik, Žádník, Martin, Krobot, Pavel, and Šabík, Erik
Abstract: Táto diplomová práca popisuje obecné informácie o kryptomenách, aké princípy sa využívajú pri tvorbe nových mincí a prečo môže byť ich ťaženie nežiadúce. Ďalej pojednáva o tom, čo je to IP tok a ako funguje monitorovanie sietí pomocou sledovania sieťovej komunikácie na úrovni IP tokov. Popisuje framework Nemea, ktorý slúži na vytváranie komplexných systémov pre detekciu nežiadúcej prevádzky. Vysvetľuje akým spôsobom boli získané dáta zachytávajúce komunikáciu ťaženia kryptomien a následne popisuje analýzu týchto dát. Na základe tejto analýzy je vytvorený návrh pre metódu schopnú detegovať ťaženie kryptomien pomocou záznamov o IP tokoch. Nakoniec táto správa obsahuje vyhodnotenie detekovaných udalostí v rámci rôznych sietí., This master’s thesis describes the general information about cryptocurrencies, what principles are used in the process of creation of new coins and why mining cryptocurrencies can be malicious. Further, it discusses what is an IP flow, and how to monitor networks by monitoring network traffic using IP flows. It describes the Nemea framework that is used to build comprehensive system for detecting malicious traffic. It explains how the network data with communications of the cryptocurrencies mining process were obtained and then provides an analysis of this data. Based on this analysis a proposal is created for methods capable of detecting mining cryptocurrencies by using IP flows records. Finally, proposed detection method was evaluated on various networks and the results are further described.

Catalog

Books, media, physical & digital resources

See catalog results

Searchworks

Select search scope, currently: Articles Catalog books, media & more in Jio Institute collections Articles journal articles & other e-resources

Search

Search Constraints

Refine your results

Search Limiters

Topic

Publication Year Range

Language

Publication Type

Journal

Database

Publisher

60 results on '"Krobot, Pavel"'

Search Results

Catalog

Select search scope, currently: Articles

Catalog

books, media & more in Jio Institute collections

Articles

journal articles & other e-resources