Proudová paralelní detekce anomálií v počítačových sítích
Stream-wise Parallel Anomaly Detection in Computer Networks
dc.contributor.advisor | Kubátová Hana | |
dc.contributor.author | Čejka Tomáš | |
dc.date.accessioned | 2018-11-08T18:52:11Z | |
dc.date.available | 2018-11-08T18:52:11Z | |
dc.date.issued | 2018-10-19 | |
dc.identifier | KOS-414284301305 | |
dc.identifier.uri | http://hdl.handle.net/10467/78609 | |
dc.description.abstract | This dissertation thesis is a collection of author?s works from the areas of the flow-based network monitoring and network security that were elaborated in the last five years. The main feature of all included papers is a so-called stream-wise approach of processing flow data, which is described in this thesis. The stream-wise processing is a suitable principle of security analysis for large-scale computer networks since flow records are being processed on-the-fly when they reach a flow collector. As a proof-of-concept, we have developed an open source NEMEA framework and a set of NEMEA modules for a stream-wise analysis of flow data. There are several included papers in this thesis that show benefits of extended flow records containing information from headers of application protocol (L7). Such extended flow records can increase the reliability of detection algorithms and allow for detection of suspicious traffic that is invisible for traditional flow-based detection methods. The detection modules capable of processing the L7 information are called application-aware. Since the data volume from monitoring systems grows, and it is expected to increase further in the future as well, the next focus of this dissertation thesis is a scalable infrastructure for parallel flow-based analysis. Our experiments show the importance of a correct algorithm for data distribution among multiple computing nodes. Usage of an algorithm that does not respect semantic relations in the flow data has a strong negative influence on the detection results. Therefore, the dissertation thesis shows a method of constructing a proper Flow Scatter that distributes flow data without breaking these semantic relations. Besides the described contributions, there was an extensive experimental evaluation of all works included in the papers. The experiments were performed with data sets from real backbone traffic of Czech national academic network. Additionally, the created flow-based NEMEA modules were deployed in the monitoring infrastructure of CESNET2 network. | cze |
dc.description.abstract | This dissertation thesis is a collection of author?s works from the areas of the flow-based network monitoring and network security that were elaborated in the last five years. The main feature of all included papers is a so-called stream-wise approach of processing flow data, which is described in this thesis. The stream-wise processing is a suitable principle of security analysis for large-scale computer networks since flow records are being processed on-the-fly when they reach a flow collector. As a proof-of-concept, we have developed an open source NEMEA framework and a set of NEMEA modules for a stream-wise analysis of flow data. There are several included papers in this thesis that show benefits of extended flow records containing information from headers of application protocol (L7). Such extended flow records can increase the reliability of detection algorithms and allow for detection of suspicious traffic that is invisible for traditional flow-based detection methods. The detection modules capable of processing the L7 information are called application-aware. Since the data volume from monitoring systems grows, and it is expected to increase further in the future as well, the next focus of this dissertation thesis is a scalable infrastructure for parallel flow-based analysis. Our experiments show the importance of a correct algorithm for data distribution among multiple computing nodes. Usage of an algorithm that does not respect semantic relations in the flow data has a strong negative influence on the detection results. Therefore, the dissertation thesis shows a method of constructing a proper Flow Scatter that distributes flow data without breaking these semantic relations. Besides the described contributions, there was an extensive experimental evaluation of all works included in the papers. The experiments were performed with data sets from real backbone traffic of Czech national academic network. Additionally, the created flow-based NEMEA modules were deployed in the monitoring infrastructure of CESNET2 network. | eng |
dc.language.iso | ENG | |
dc.publisher | České vysoké učení technické v Praze. Vypočetní a informační centrum. | cze |
dc.publisher | Czech Technical University in Prague. Computing and Information Centre. | eng |
dc.rights | A university thesis is a work protected by the Copyright Act. Extracts, copies and transcripts of the thesis are allowed for personal use only and at one?s own expense. The use of thesis should be in compliance with the Copyright Act http://www.mkcr.cz/assets/autorske-pravo/01-3982006.pdf and the citation ethics http://knihovny.cvut.cz/vychova/vskp.html | eng |
dc.rights | Vysokoškolská závěrečná práce je dílo chráněné autorským zákonem. Je možné pořizovat z něj na své náklady a pro svoji osobní potřebu výpisy, opisy a rozmnoženiny. Jeho využití musí být v souladu s autorským zákonem http://www.mkcr.cz/assets/autorske-pravo/01-3982006.pdf a citační etikou http://knihovny.cvut.cz/vychova/vskp.html | cze |
dc.subject | network security,flow data,witness,anomaly detection,parallel processing,data splitting,NEMEA | cze |
dc.subject | network security,flow data,witness,anomaly detection,parallel processing,data splitting,NEMEA | eng |
dc.title | Proudová paralelní detekce anomálií v počítačových sítích | cze |
dc.title | Stream-wise Parallel Anomaly Detection in Computer Networks | eng |
dc.type | disertační práce | cze |
dc.type | doctoral thesis | eng |
dc.date.accepted | 2018-10-19 | |
dc.contributor.referee | Ryšavý Ondřej | |
theses.degree.discipline | Informatika | cze |
theses.degree.grantor | katedra číslicového návrhu | cze |
theses.degree.programme | Informatika | cze |