Prihlásenie

JAKUB HRABOVSKY: Detekcia siet'ovych utokov vo vysoko-rychlostnych poctacovych siet'ach [Dizertacna praca] - Zilinska univerzita v Ziline. Fakulta riadenia a informatiky. Katedra informacnych siet. - Skolitel': doc. Mgr. Ondrej Such, PhD. - Stupen odbornej kvalikacie: Doktor lozoe v studijnom odbore 9.2.9 aplikovana informatika. - Zilina, FRI ZU, aprl 2019, 152 s. Nedostatocna kvalita zabezpecenia sucasnych siet'ovych sluzieb, sp^osobena najma vyskytom masvnych siet'ovych utokov typu DoS/DDoS, vedie casto k nedostupnosti tychto sluzieb. Detekcia siet'ovych utokov spada do oblasti bezpecnosti poctacovych siet a predstavuje problem, ktoremu sa venuje aj predkladana praca. Ciel'om prace je vytvorenie metodiky navrhu detektora DoS/DDoS utokov s pouzitm strojoveho ucenia vo vysokor ychlostnej poctacovej sieti. Praca analyzuje klady a nedostatky aktualnych detekcnych metod, ktore su zalozene na strojovom ucen. Takto zskane trendy su nasledne aplikovane pri tvorbe vlastnej metodiky navrhu detektora siet'ovych utokov. Predlohou specikacie jednotlivych etap metodiky je oblast' rozpoznavania vzorov. Okrem metodiky sa praca zaober a aj generickym navrhom systemu konvolucnej neuronovej siete a jeho implementaciou do FPGA obvodov. V navrhu tohto systemu je pouzity systemovy prstup, ktory viedol ku specikacii jednotlivych subsystemov. Najvacsia pozornost' je venovana navrhu origin alnej struktury 2D konvolutora, ako kl'ucoveho vypoctoveho prvku konvolucnej siete. Pre popis subsystemov, navrhnutych v tejto praci, je vytvoreny gracky model v nastroji Matlab/Simulink a RTL model v jazyku VHDL. Korektna funkcia modelov je overena formou simulacie. Kl'ucove slova: siet'ovy utok, odopretie sluzby, distribuovane odopretie sluzby, system detekcie siet'ovych prienikov, hlboke ucenie, konvolucna neuronova siet', programovatel'ne hradlove polia

JAKUB HRABOVSKY: Network-based Intrusion Detection in High-Speed Computer Networks [Dissertation thesis] - The University of Zilina in Zilina. Faculty of Management Science and Informatics. Department of InfoComm Networks. - Supervisor: doc. Mgr. Ondrej Such, PhD. - Qualication level: Philosophiae doctor in the study eld 9.2.9 Applied Informatics. - Zilina, FRI ZU, april 2019, 152 p. Unsatisfactory quality of security in current network services, caused primarily by massive computer network intrusions such as DoS/DDoS attacks, leads often to an unavailability of these services. Network intrusion detection is a part of computer network security eld and represents a problem that is also addressed in this thesis. The aim of the thesis is a methodology for a design of DoS/DDoS attacks detector with application of machine learning in high-speed computer network. The thesis analyzes pluses and minuses of current intrusion detection methods based on the principles of machine learning. Identied trends are subsequently applied during the creation of own methodology for a design of network intrusion detector. The eld of pattern recognition serves as a template for a specication of the individual methodology stages. Beside the methodology, the thesis deals with a generic design of a convolutional neural network system and its implementation into FPGA circuits. The systematic approach used in this system design helped in a specication of the individual subsystems. The most attention is given to the novel structure of 2D convolver as a key processing element of the convolutional network. The graphical model (built in development tools Matlab/Simulink) and RTL model (written in VHDL) were created in order to describe subsystems, designed in this thesis. The correct function of the models is veried and validated through the simulation. Keywords: network intrusion, denial of service, distributed denial of service, networkbased intrusion detection system, deep learning, convolutional neural network, eld programmable gate arrays