prof. Ing. Pavel Tvrdík, CSc.

Specialist supervisor: Ing. Jan Fesl, Ph.D.

Typical tasks addressed in high-speed internet computer networks are flow control and congestion control. Both of these tasks are solved by network protocols at different layers of the OSI/OSI model.

In comparison with the Internet, data center (DC) communication networks are specific in their conditions and differ significantly in terms of flow control or congestion control. Communication links have higher speed and throughput and high reliability. More importantly, in DC networks compared to the Internet, there is a real possibility to process more global information about the status and load of communication links or network elements (their computer resources), or the possibility of adaptive reconfiguration of the entire DC network according to current communication requirements.

Analyze the properties of published algorithms for flow control and congestion control in DC communication networks. Create a realistic model of a data center communication network and use it to investigate the liḿtations of these algorithms. Develop a methodology for evaluating the quality of these algorithms based on the specific requirements on network traffic in DCs. Based on this analytical survey, design adaptive algorithms for flow control and congestion protection in DC networks utilizing more global network traffic information. Then validate your designs by testing them within the model and evaluate their quality according to your methodology.

Specialist supervisor: Ing. Jan Fesl, Ph.D.

Data centers (DCs) play an important role in many different fields due to the growing importance of cloud computing, but their efficient management and administration pose non-trivial algorithmic problems. A prominent example is the problem of optimal placement of virtual machines (VMs) (or containers) across virtualization nodes. Some variants of this problem can be formulated as an multidimensional bin packing problem, which belongs to the class of NP-hard problems that can be approximately solved using optimization heuristics such as genetic algorithms, tabu search, simulated annealing, etc. The problem can also be solved by reformulating it to another computationally equivalent problem, such as SAT, where existing advanced solvers can be used.

Design a methodology to set various optimization criteria, such as energy consumption of running DC infrastructure, network load, communication latency of running applications, guaranteeing high availability, etc. Construct a model of a DC to simulate and test the properties of optimization algorithms for VM placement on DC virtualization nodes. Using this model, analyze the properties of existing algorithms for solving the problem of optimal VM placement on virtualization nodes, identify their shortcomings, and design, validate, and evaluate new algorithms.

Specialist supervisor: Ing. Jan Fesl, Ph.D.

Classic Intrusion Detection Systems (IDS) have been playing an important role in the security of computer networks or data centers for many years. In the case of networks with ultra-high data flow, the classic IDS concept can no longer be used due to limited local computing power. In order to eliminate this limitation, it appears promising to use a solution based on distributed IDSs (DIDS). The task of the dissertation will be to study algorithms and methods that will be used both for load distribution between network traffic probes and for the analysis of network traffic within a specific DIDS. To increase efficiency or refining the performance of the prediction of a specific network activity using DIDS collaborative machine learning appears perspective since it fully supports the DIDS concept.

Specialist supervisor: Ing. Jan Fesl, Ph.D.

Distributed DDOS attacks (classic or slow) pose a major threat in today's Internet as well as in software-defined networks and clouds. An effective defense against such attacks is their fast and reliable detection, which is, however, non-trivial given the number of parameters that need to be taken into account. The topic of the dissertation is the research of mathematical models enabling the design of algorithms for the detection of both types of DDOS attacks. Currently, models based on a combination of machine learning and traditional analytical and statistical methods, which enable fast data preprocessing and thus can significantly reduce the time for making decisions, which is absolutely essential in the case of DDOS attacks, seem to be promising.

The configuration of efficiently functioning computer networks arranged in complex topologies is nowadays considered a non-trivial problem. It often happens that a change in the configuration of a particular element within a computer network affects its other parts (e.g., in terms of availability, latency, quality of service, etc.). However, at the time of activation of the configuration, its effect may not be immediately apparent and it is therefore advisable to first verify the possible effects of the configuration. The task of the dissertation is the development of algorithms and methods for the formal verification of the state of network elements, which can point out a potential problem before the actual activation of the configuration.

prof. Ing. Pavel Tvrdík, CSc.

doc. RNDr. Ing. Marcel Jiřina, Ph.D.

Department of Software Engineering

This thesis describes BPMN notation. Based on BPMN notation, dissertation defense process within FIT CTU is then analyzed, modelled, implemented and tested using IBM Business Process Manager platform.

Thesis on DSpace

prof. Ing. Pavel Tvrdík, CSc.

doc. Ing. Daniel Novák, Ph.D.

Department of Computer Systems

This thesis aims to develop a Proof of Concept authentication system that verifies a user's identity by analyzing his/her behavior in a smartphone application. The system exploits data from a smartphone's sensors and touchscreen for behavioral authentication. The result is a fully functional behavioral authentication system with its functionality demonstrated in a simulated mobile banking application.

Thesis on DSpace

prof. Ing. Pavel Tvrdík, CSc.

Ing. Michal Šoch, Ph.D.

Department of Software Engineering

prof. Ing. Pavel Tvrdík, CSc.

Pierre Donat-Bouillud, Ph.D.

Department of Computer Systems

This thesis proposes a novel approach to web service fuzzing that utilizes the OpenAPI Specification. The proposed smart black-box generation-based fuzzer, named openapi-fuzzer, generates and minimizes random payloads to detect vulnerabilities in web services. It is able to minimize the bug-triggering payload to its canonical form. Thanks to this minimization, it is trivial to detect the root cause of an underlying bug. To evaluate its performance, openapi-fuzzer was tested on multiple relevant web services, including Kubernetes, Hashicorp Vault, and Gitea, where it identified several bugs. The results demonstrate that openapi-fuzzer outperforms other state-of-the-art web service fuzzers in terms of the number of bugs found and running time. Furthermore, openapi-fuzzer conducts a performance analysis to identify endpoints that are susceptible to Denial of Service attacks. By providing developers with detailed statistics, openapi-fuzzer helps them identify and fix performance issues in their web services.

Thesis on DSpace

prof. Ing. Pavel Tvrdík, CSc.

Ing. Jiří Kašpar

Department of Software Engineering

prof. Ing. Pavel Tvrdík, CSc.

Ing. Michal Šoch, Ph.D.

Department of Theoretical Computer Science

The Möbius cube is an interesting topology created from the hypercube. Its main advantage is the which that is around one half of the diameter of the hypercube. In this thesis, the shortest path algorithm is described as well as its properties and drawbacks. One major drawback is the possibility of a deadlock. Therefore, a new deadlock-free routing algorithm is introduced and compared to the previous algorithm. Later, usage of hypercube's multicast 1-port wormhole algorithm on the Möbius cube is described.

Thesis on DSpace