Bachelor theses
Crypto-currency miner detection from periodic behavior of network communication
Author
Vojtěch Chvojka
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Koumar
Reviewers
Ing. Michal Štepanovský, Ph.D.
Department
Summary
This bachelor's thesis deals with the detection of cryptocurrency mining from network traffic. Such traffic is usually encrypted. Periodic properties of network communication are suitable as machine learning input because they can be applied to encrypted communication as well. A program was created that, based on the analysis and testing of statistical classifiers, selected the XGBoost classifier and selected the periodic properties of network flows that it evaluated as the most significant for the detection of cryptocurrency mining. A specificity of 99.77 % and a sensitivity of 98.39 % were achieved on the test data.
Time series analysis in network flow exporter
Author
David Kežlínek
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Koumar
Reviewers
Ing. Jaroslav Pešek
Department
Summary
The first part of this thesis deals with the problem of monitoring computer networks using IP flows. Then it deals with the analysis of time series obtained from these IP flows, focusing on the extraction of their attributes.
The result of this work is a new module for the open source IP flow exporter ipfixprobe. This new module allows extending IP flow records with attributes extracted from time series analysis. These attributes can be used as input data for machine learning based threat detection in the future.
Device classification from ISP network traffic using clustering methods
Author
Karel Mudruňka
Year
2024
Type
Bachelor thesis
Supervisor
Ing. Josef Koumar
Reviewers
doc. Ing. Tomáš Čejka, Ph.D.
Department
Summary
This bachelor's thesis deals with classification of device type based on volumetric information about their network communication using clustering. The provided dataset consists of time series data containing information about network traffic of individual devices in the CESNET3 network. Based on the literature, the structure of the provided dataset, and experiments, an appropriate clustering method is selected for the given task. The proposed method achieved a classification accuracy of 90 % and a macro F1 score of 0.7. The main advantage of the proposed model is the consistency of its success rate of predictions over time.
Botnet detection using periodic behavior of network traffic
Author
Dominik Oškera
Year
2025
Type
Bachelor thesis
Supervisor
Ing. Josef Koumar
Reviewers
Ing. Jiří Smítka
Department
Summary
With the rise of internet-connected devices, the number of compromised systems has also increased significantly. A form of malicious software called a botnet represents a serious cybersecurity threat to any device connected to the internet. Due to the wide range of attack vectors and propagation techniques, the spread of botnets is increasing. The detection of active botnets within a network is crucial for maintaining network security. However, it remains a complex challenge.
In this thesis, we propose a novel technique for botnet detection based on the periodic communication patterns between botnet clients and their command-and-control (C&C) servers. Notably, this method can be applied even to encrypted traffic. We evaluated the proposed approach using machine learning algorithms on an established botnet dataset, CTU-13, and a newly constructed dataset, CESNET-CC25, which we created using the latest botnet variants.
Implementation of library for user friendly providing of datasets
Author
Milan Kureš
Year
2025
Type
Bachelor thesis
Supervisor
Ing. Josef Koumar
Reviewers
Ing. Richard Plný
Department
Summary
This bachelor's thesis focuses on the implementation of a Python library that provides time series datasets from network traffic. In the initial chapters, a survey of existing tools is conducted, followed by exploration of provided datasets, analysis of possible problems, a design of the library structure, and finally the implementation of the library and its testing.
The implemented library provides time series datasets and allows easy preprocessing of their data. Additionally, it offers tools that help with reproducibility of experiments and comparability of models.
Web application for monitoring and managing an anomaly detection system
Author
Maxim Kalvoda
Year
2025
Type
Bachelor thesis
Supervisor
Ing. Josef Koumar
Reviewers
Ing. Richard Plný
Department
Summary
The subject of this thesis is the implementation of a web application to configure and view data from an existing network anomaly detection system. The application provides users with a clear and intuitive environment for viewing data in the form of time series, displaying the outputs of anomaly detection models, and clearly presenting detected single anomalies and whole incidents.
First, the author performed a survey of available interfaces and technologies, and then a requirements analysis, design and implementation were carried out.
The result is a two-layer web application written in JavaScript using the Nest.js and Vue.js frameworks. The application interacts with the PostgreSQL database of the anomaly detection system and allows filtering and searching IP addresses, displaying their properties and looking into their time series. The application can also be used to configure the system.
Network anomaly detection based on observations
Author
Klára Nosková
Year
2025
Type
Bachelor thesis
Supervisor
Ing. Josef Koumar
Reviewers
Ing. Jaroslav Pešek
Department
Summary
This bachelor thesis focuses on anomaly detection in network traffic, which is crucial for detecting new security threats in modern computer networks. The objective of this thesis is to design, implement, and experimentally evaluate an anomaly detection method based on the behavior of individual IP addresses, using real-world data from the CESNET3 network. The solution utilizes the Isolation Forest algorithm in combination with a novel approach of preprocessing data based on the aggregation of top-x unique records.
The results show that the proposed approach reliably identifies various types of anomalies, including network scans, and achieves 100% precision on the test dataset. Although this high precision is achieved at the expense of a lower recall value, the low occurrence of false positives allows analysts to focus on the most significant incidents. The proposed method is applicable for enhancing cybersecurity in real-world scenarios.
Master theses
Evaluation of existing neural network-based anomaly detection methods on high-speed network traffic
Author
Timotej Smoleň
Year
2025
Type
Master thesis
Supervisor
Ing. Josef Koumar
Reviewers
Ing. Jaroslav Pešek
Department
Summary
Anomaly detection in network traffic is essential for network management and cybersecurity. In this thesis we evaluate existing neural network-based anomaly detection methods on a high-speed network traffic dataset in a fully unsupervised environment. We focus on evaluation in terms of handling the unique challenges presented by high-speed network traffic, including the large volume, speed, and diversity of data as well as deployability of models.