Ing. Josef Koumar

Theses

Bachelor theses

Crypto-currency miner detection from periodic behavior of network communication

Author
Vojtěch Chvojka
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Koumar
Reviewers
Ing. Michal Štepanovský, Ph.D.
Summary
This bachelor's thesis deals with the detection of cryptocurrency mining from network traffic. Such traffic is usually encrypted. Periodic properties of network communication are suitable as machine learning input because they can be applied to encrypted communication as well. A program was created that, based on the analysis and testing of statistical classifiers, selected the XGBoost classifier and selected the periodic properties of network flows that it evaluated as the most significant for the detection of cryptocurrency mining. A specificity of 99.77 % and a sensitivity of 98.39 % were achieved on the test data.

Time series analysis in network flow exporter

Author
David Kežlínek
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Koumar
Reviewers
Ing. Jaroslav Pešek
Summary
The first part of this thesis deals with the problem of monitoring computer networks using IP flows. It then deals with the analysis of time series obtained from these IP flows, focusing on the extraction of their attributes. The result of this work is a new module for the open source IP flow exporter ipfixprobe. This new module allows IP flow records to be extended with attributes extracted from time series analysis. These attributes can be used as input data for machine learning based threat detection in the future.

Device classification from ISP network traffic using clustering methods

Author
Karel Mudruňka
Year
2024
Type
Bachelor thesis
Supervisor
Ing. Josef Koumar
Reviewers
doc. Ing. Tomáš Čejka, Ph.D.
Summary
This bachelor's thesis deals with the classification of device types based on volumetric information about their network communication using clustering. The provided dataset consists of time series data containing information about the network traffic of individual devices in the CESNET3 network. Based on the literature, the structure of the provided dataset and experiments, an appropriate clustering method is selected for the given task. The proposed method achieved a classification accuracy of 90 % and a macro F1 score of 0.7. The main advantage of the proposed model is the consistency of its prediction success rate over time.