
Visualization of network traffic for cyber security management
Jaka Hoffmann (Author), Simon Dobrišek (Mentor)

Monitoring network traffic can be very simple with the right tool. When several tools are in use and several networks have to be monitored, however, problems arise even with a good tool. This led the Cyber Security Operations Center to the idea of developing a platform that would bring all monitoring tools and all monitored networks together in one system. Such a tool would simplify the analysts' work, allow events from different networks to be linked, and make faults easier to find and fix, which shortens the time to detect and respond to faults and attacks in the system. The platform described in this thesis will collect data from SIEM systems, from other network monitoring devices such as IDS/IPS and firewalls, and from system servers such as DNS, domain controllers and authentication servers. From these data the platform will perform analyses and look for correlations between them; this comprehensive analysis and overview of the network will show what is happening in the network in real time. Once the platform is ready, it will use machine learning to recognise anomalies in the network and in user behaviour. For known anomalies the remediation procedure will be automated; for new anomalies the notification of the responsible technicians, with escalation of the notification at set intervals, will be automated. The platform will automate the handling of anomalies from different networks according to each network's priority.

The thesis describes the development of the platform, how the work was set up, and the purpose and goal of the platform. The platform's framework is already built; the next development steps are dictated by the needs that arise during development and by the needs of the organisation itself. The individual parts of the platform, their operation and their interconnection are also described. The current priority is to complete the platform's basic functionality, namely notification about anomalies. Adding interfaces for monitoring devices and SIEM systems will be the next stage of development.
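The collect, correlate and notify flow that the abstract sketches, as an added example written for this page: it is illustration code, not code from the thesis or from the platform it describes. The log-line format, the field names, the single known-anomaly playbook, the priority levels, the escalation intervals and the contact roles are all assumptions invented for the example, and the sample lines are constructed. The example goes slightly beyond the abstract in that it shows both branches the abstract names, an automated response for a known pattern and an interval escalation for an unknown one, side by side.

```python
"""Added example for this page: a minimal collect -> correlate -> triage
core of the kind the abstract sketches. Not the thesis's code; the log
formats, playbook, priorities and escalation intervals are invented."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed sample lines from three monitored source types (firewall,
# authentication server, DNS). Their format is an assumption of this example.
SAMPLE_LINES = [
    "2021-02-10T08:00:01 firewall DENY src=10.0.5.23 dst=10.0.1.10 dport=445",
    "2021-02-10T08:00:03 firewall DENY src=10.0.5.23 dst=10.0.1.11 dport=445",
    "2021-02-10T08:00:05 auth FAIL user=jnovak src=10.0.5.23",
    "2021-02-10T08:00:07 auth FAIL user=jnovak src=10.0.5.23",
    "2021-02-10T08:00:09 dns QUERY name=update.example.net src=10.0.5.23",
    "2021-02-10T08:30:00 auth FAIL user=admin src=10.0.9.2",
    "2021-02-10T08:31:00 firewall DENY src=10.0.9.2 dst=10.0.1.10 dport=3389",
]

LINE_RE = re.compile(r"^(\S+) (\w+) (\w+) (.*)$")


@dataclass
class Event:
    ts: datetime
    source: str    # which device or server reported the event
    action: str
    fields: dict


def parse_line(line):
    """Normalise one line from any source into a common Event."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    ts, source, action, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return Event(datetime.fromisoformat(ts), source, action, fields)


def correlate(events, window=timedelta(minutes=5), min_sources=2):
    """Group events by client IP and flag an IP as anomalous when at least
    `min_sources` distinct source types report it inside one `window`.
    Returns {ip: sorted list of reporting source types}."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        if "src" in ev.fields:
            by_src[ev.fields["src"]].append(ev)
    anomalies = {}
    for src, evs in by_src.items():
        for i, first in enumerate(evs):
            in_window = [e for e in evs[i:] if e.ts - first.ts <= window]
            sources = {e.source for e in in_window}
            if len(sources) >= min_sources:
                anomalies[src] = sorted(sources)
                break
    return anomalies


# Known anomaly pattern with an automated response (assumed, illustrative).
KNOWN_PLAYBOOKS = {
    frozenset({"auth", "firewall"}): "block-source-at-firewall",
}

# Escalation intervals in minutes per network priority, and the contact
# notified at each step. Values are assumptions for the example.
ESCALATION_MINUTES = {"high": [0, 5, 15], "medium": [0, 15, 60], "low": [0, 60]}
CONTACTS = ["on-call technician", "team lead", "SOC manager"]


def escalation_schedule(detected_at, priority):
    """(when, whom) pairs: each further interval without acknowledgement
    notifies the next contact in line."""
    return [(detected_at + timedelta(minutes=m), CONTACTS[i])
            for i, m in enumerate(ESCALATION_MINUTES[priority])]


def triage(anomalies, detected_at, priority):
    """Known pattern -> automated playbook; unknown pattern -> escalation
    schedule driven by the priority of the network the anomaly came from."""
    decisions = {}
    for src, sources in anomalies.items():
        playbook = KNOWN_PLAYBOOKS.get(frozenset(sources))
        if playbook:
            decisions[src] = ("automated", playbook)
        else:
            decisions[src] = ("escalate", escalation_schedule(detected_at, priority))
    return decisions


if __name__ == "__main__":
    events = [parse_line(line) for line in SAMPLE_LINES]
    found = correlate(events)
    for src, decision in triage(found, events[-1].ts, "high").items():
        print(src, found[src], decision)
```

With the constructed input, 10.0.9.2 is reported by the authentication server and the firewall only, matches the known playbook and gets the automated action; 10.0.5.23 is additionally seen by DNS, matches no playbook and gets the three-step schedule for a high-priority network. The correlation key here is the client IP; a real platform would also correlate on user name and on the monitored network so that the priority in `triage` is taken from the network rather than passed in.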

Keywords: platform, applications, software tools, monitoring, computer network, SIEM systems, databases, application development, Python, Flask, JavaScript, CSS, HTML
Work type: Bachelor thesis/paper
Organization: FE - Faculty of Electrical Engineering
Publication date in RUL: 02.03.2021
Secondary language: English
Title: Visualization of network traffic for cyber security management

