Mgr. Rudolf Bohumil Blažek, Ph.D.

Theses

Bachelor theses

Experimental Analysis of Fragmentation Attacks on DNSSEC Servers

Author
Václav Šulc
Year
2014
Type
Bachelor thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Reviewers
doc. Ing. Tomáš Čejka, Ph.D.

Master theses

Detection of DoS Attacks via Network Flow Analysis

Author
Matěj Plch
Year
2012
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Reviewers
prof. Ing. Róbert Lórencz, CSc.

A Universal NfSen Plugin for Analysis of Network Flows in the Statistical System R

Author
Martin Kopp
Year
2012
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Reviewers
Ing. Tomáš Zahradnický, Ph.D.

An iPhone Application for Communication with the EDUX System

Author
Lukáš Kukačka
Year
2012
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Reviewers
Ing. Tomáš Zahradnický, Ph.D.

Monitoring of network intrusions using honeypot systems

Author
Tomáš Herout
Year
2013
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Reviewers
Ing. Martin Bílý

iOS implementation of heart beat waveform analysis

Author
Jan Zahula
Year
2014
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Reviewers
Ing. Miroslav Skrbek, Ph.D.
Summary
This thesis deals with detection of features in heart pulse waveforms on Apple iOS devices. We chose the MLMC (Multi-resolution Linear Model Comparison) method, which focuses on the most significant changes in the waveform. The method was implemented in ANSI C to ensure platform independence. An Apple iPhone application was developed for real-time signal processing. It was successfully tested with real data.

Interconnection of BIND DNS server and Squid proxy server

Author
Pavel Diviš
Year
2014
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Reviewers
Ing. Tomáš Zahradnický, Ph.D.

A service and an NfSen plugin for analysis of network flows by sequential statistical methods

Author
Martin Neumann
Year
2014
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Reviewers
Ing. Tomáš Zahradnický, Ph.D.

Detection of DNS Anomalies via Data Mining Analysis of Network Traffic

Author
Michal Pohořelý
Year
2015
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Reviewers
Ing. Miroslav Skrbek, Ph.D.

A Snort Plugin for Analysis of Network Traffic by Statistical Methods

Author
Michal Keníž
Year
2015
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Reviewers
Ing. Alexandru Moucha, Ph.D.
Summary
This thesis deals with development of an extension for the open-source detection system Snort that enables the use of statistical methods for detection of network anomalies. The thesis describes the architecture of Snort and possibilities for its extensions. Included is a survey of sequential statistical methods for detection of network anomalies. The developed plugin was tested with a selected method, NP-CUSUM. A web application was also developed that displays the detection statistics and allows optimization of their parameters using automatically stored historical data. The presented solution is extendable and enables the use of other statistical detection methods in the Snort system.

A Turris Plugin for Analysis of Network Traffic by Statistical Methods

Author
Marek Krátký
Year
2015
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Reviewers
Ing. Alexandru Moucha, Ph.D.
Summary
This master thesis deals with design and implementation of a plugin for a router developed in the research project Turris of the Czech top-level DNS domain maintainer CZ.NIC. The implemented plugin analyzes network traffic and uses the statistical method NP-CUSUM to detect network anomalies. The thesis describes the project Turris, types of network anomalies, and statistical methods with focus on change point detection. It also includes analysis of data from real network traffic and testing of the implemented method.

Detection of Anomalies in Network Traffic via Data Mining Analysis of Network Flows

Author
Petr Lessner
Year
2016
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Summary
This thesis deals with development of a plugin for the intrusion detection system NfSen that implements behavioral analysis of network flows. The purpose of the plugin is to detect anomalous behavior of hosts that may represent an attack or a failure in the network. The developed plugin employs the clustering algorithm DBSCAN in combination with detection of outliers via the LOF algorithm. The plugin orders detected anomalies by their significance, which corresponds to the outlier factor LOF. The plugin was tested with data from real network traffic, where it detected several different anomalies.

Development of Randomized Penetration Tests of Computer Network Infrastructure

Author
Tomáš Král
Year
2015
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Reviewers
Ing. Tomáš Zahradnický, Ph.D.
Summary
This thesis deals with possibilities to hide penetration tests and network attacks to prevent their detection by commonly used detection systems. It also explores possibilities of compromising secure communication using Man in the Middle attacks. A methodology is discussed and tested to verify the security of encrypted communications between servers and applications on mobile devices or computers. An application was developed and tested to verify configuration of secure communications of web servers.

A generator of network traffic at the level of application protocols

Author
Jan Karafiát
Year
2016
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Reviewers
Ing. Tomáš Čejka, Ph.D.
Summary
This thesis deals with modeling and generating network traffic at the application level. A selected behavioral model for HTTP traffic is extended with specification of MIME types for objects embedded in web pages. A generator of HTTP traffic has been developed and tested that can service several clients in parallel. It supports generating traffic in three different modes: re-transmitting previously captured packets, resending files extracted from a pcap file, and stochastic generating. Testing of the developed program confirmed that the generated traffic reliably conforms to the specified model and its parameters. The traffic was recognized by monitoring software as HTTP traffic.

Automated testing of secure configuration of services with encrypted communication

Author
Martin Volek
Year
2017
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Summary
This thesis deals with verifying secure configuration of services with selected encrypted network protocols. The thesis includes a study of cryptographic technologies commonly used in network communications, including security aspects of their configuration. A part of the thesis is the design and implementation of a testing tool for automated verification of secure configuration of selected encrypted network protocols and the corresponding services. The tool has been tested in a real network environment and is usable in real life.

Cryptographically Secure Methods of Port Knocking and Single Packet Authorization

Author
Petr Klejch
Year
2017
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Summary
This thesis analyses and compares existing solutions for communication between hosts using filtered network ports to verify the identity of clients and change the configuration of a firewall. Two approaches are discussed and compared -- port knocking and single packet authorization. Based on the analysis, a cryptographically secure tool is designed and implemented, which allows secure connection to services of the MS Windows operating system.

Detection and Physical Localization of Intruders in WiFi Networks

Author
Jakub Samek
Year
2018
Type
Master thesis
Supervisor
Mgr. Rudolf Bohumil Blažek, Ph.D.
Summary
This thesis deals with developing an implementation of a distributed system for defending WiFi networks against attacks and usage policy violations. The thesis analyzes existing methods and available tools for detection, physical localization, and blocking of selected wireless devices for the purpose of protecting WiFi networks. The thesis includes design and implementation of a distributed computer system that employs affordable commercially available WiFi hardware to detect, localize, and block unauthorized WiFi devices, including unauthorized access points. The system was successfully tested in a testbed network.