Show simple item record

Stream-wise Parallel Anomaly Detection in Computer Networks

dc.contributor.advisorKubátová Hana
dc.contributor.authorČejka Tomáš
dc.date.accessioned2018-11-08T18:52:11Z
dc.date.available2018-11-08T18:52:11Z
dc.date.issued2018-10-19
dc.identifierKOS-414284301305
dc.identifier.urihttp://hdl.handle.net/10467/78609
dc.description.abstractThis dissertation thesis is a collection of author?s works from the areas of the flow-based network monitoring and network security that were elaborated in the last five years. The main feature of all included papers is a so-called stream-wise approach of processing flow data, which is described in this thesis. The stream-wise processing is a suitable principle of security analysis for large-scale computer networks since flow records are being processed on-the-fly when they reach a flow collector. As a proof-of-concept, we have developed an open source NEMEA framework and a set of NEMEA modules for a stream-wise analysis of flow data. There are several included papers in this thesis that show benefits of extended flow records containing information from headers of application protocol (L7). Such extended flow records can increase the reliability of detection algorithms and allow for detection of suspicious traffic that is invisible for traditional flow-based detection methods. The detection modules capable of processing the L7 information are called application-aware. Since the data volume from monitoring systems grows, and it is expected to increase further in the future as well, the next focus of this dissertation thesis is a scalable infrastructure for parallel flow-based analysis. Our experiments show the importance of a correct algorithm for data distribution among multiple computing nodes. Usage of an algorithm that does not respect semantic relations in the flow data has a strong negative influence on the detection results. Therefore, the dissertation thesis shows a method of constructing a proper Flow Scatter that distributes flow data without breaking these semantic relations. Besides the described contributions, there was an extensive experimental evaluation of all works included in the papers. The experiments were performed with data sets from real backbone traffic of Czech national academic network. Additionally, the created flow-based NEMEA modules were deployed in the monitoring infrastructure of CESNET2 network.cze
dc.description.abstractThis dissertation thesis is a collection of author?s works from the areas of the flow-based network monitoring and network security that were elaborated in the last five years. The main feature of all included papers is a so-called stream-wise approach of processing flow data, which is described in this thesis. The stream-wise processing is a suitable principle of security analysis for large-scale computer networks since flow records are being processed on-the-fly when they reach a flow collector. As a proof-of-concept, we have developed an open source NEMEA framework and a set of NEMEA modules for a stream-wise analysis of flow data. There are several included papers in this thesis that show benefits of extended flow records containing information from headers of application protocol (L7). Such extended flow records can increase the reliability of detection algorithms and allow for detection of suspicious traffic that is invisible for traditional flow-based detection methods. The detection modules capable of processing the L7 information are called application-aware. Since the data volume from monitoring systems grows, and it is expected to increase further in the future as well, the next focus of this dissertation thesis is a scalable infrastructure for parallel flow-based analysis. Our experiments show the importance of a correct algorithm for data distribution among multiple computing nodes. Usage of an algorithm that does not respect semantic relations in the flow data has a strong negative influence on the detection results. Therefore, the dissertation thesis shows a method of constructing a proper Flow Scatter that distributes flow data without breaking these semantic relations. Besides the described contributions, there was an extensive experimental evaluation of all works included in the papers. The experiments were performed with data sets from real backbone traffic of Czech national academic network. Additionally, the created flow-based NEMEA modules were deployed in the monitoring infrastructure of CESNET2 network.eng
dc.language.isoENG
dc.publisherČeské vysoké učení technické v Praze. Vypočetní a informační centrum.cze
dc.publisherCzech Technical University in Prague. Computing and Information Centre.eng
dc.rightsA university thesis is a work protected by the Copyright Act. Extracts, copies and transcripts of the thesis are allowed for personal use only and at one?s own expense. The use of thesis should be in compliance with the Copyright Act http://www.mkcr.cz/assets/autorske-pravo/01-3982006.pdf and the citation ethics http://knihovny.cvut.cz/vychova/vskp.html.eng
dc.rightsVysokoškolská závěrečná práce je dílo chráněné autorským zákonem. Je možné pořizovat z něj na své náklady a pro svoji osobní potřebu výpisy, opisy a rozmnoženiny. Jeho využití musí být v souladu s autorským zákonem http://www.mkcr.cz/assets/autorske-pravo/01-3982006.pdf a citační etikou http://knihovny.cvut.cz/vychova/vskp.html.cze
dc.subjectnetwork security,flow data,witness,anomaly detection,parallel processing,data splitting,NEMEAcze
dc.subjectnetwork security,flow data,witness,anomaly detection,parallel processing,data splitting,NEMEAeng
dc.titleProudová paralelní detekce anomálií v počítačových sítíchcze
dc.titleStream-wise Parallel Anomaly Detection in Computer Networkseng
dc.typeDOKTORSKÁ PRÁCEcze
dc.typeDISSERTATIONeng
dc.date.accepted2018-10-19
dc.contributor.refereeRyšavý Ondřej
theses.degree.disciplineInformatikacze
theses.degree.grantorkatedra číslicového návrhucze
theses.degree.programmeInformatikacze


Files in this item


This item appears in the following Collection(s)

Show simple item record