Thesis Details
Detekce a automatická analýza skenování sítí
This bachelor thesis is focused on a computer network monitoring that utilizes flows. Firstly, there is a framework Nemea described, which can be used to build a complex system for network attack detection, and whose module is developed within the thesis. Secondly, port scanning is explained and different methods that can be used to scan ports are defined. The module is designed to detect horizontal scanning. The idea behind this method is to compare a unique number of destination IP addresses, which were asked for with a specific port, with a given threshold in a specific time window. Finally, in the practical part of the thesis the implementation of the module is described and results of the experiments on real data from Cesnet are presented.
Nemea, NetFlow, port scanning, portscan detection, horizontal scans
Bartík Vladimír, Ing., Ph.D. (DIFS FIT BUT), člen
Chudý Peter, doc. Ing., Ph.D. MBA (DCGM FIT BUT), člen
Kunovský Jiří, doc. Ing., CSc. (DITS FIT BUT), člen
Strnadel Josef, Ing., Ph.D. (DCSY FIT BUT), člen
@bachelorsthesis{FITBT18887, author = "Ale\v{s} Proch\'{a}zka", type = "Bachelor's thesis", title = "Detekce a automatick\'{a} anal\'{y}za skenov\'{a}n\'{i} s\'{i}t\'{i}", school = "Brno University of Technology, Faculty of Information Technology", year = 2016, location = "Brno, CZ", language = "czech", url = "https://www.fit.vut.cz/study/thesis/18887/" }