Deriving DDoS Mitigation Rules

Táto práca sa zaoberá monitorovaním sietí pomocou NetFlow dát. Popisuje princípy, na ktorých je založená detekcia bezpečnostných anomálií pomocou IDS systémov. Ďalej popisuje framework Nemea, ktorý slúži na tvorbu modulov schopných detekovat bezpečnostné anomálie na sieti. Následne sa venuje prehľadu jednotlivých útokov kde objasňuje ich špecifické vlastnosti, ako aj možné postupy pri ich analýze. Na základe tejto analýzy je možné vytvoriť sadu mitigačných pravidiel, ktorých aplikáciou môže dôjsť k zmierneniu prebiehajúceho útoku. Na základe získaných poznatkov bol vytvorený návrh systému, ktorý bude schopný vytvárať mitigačné pravidlá automaticky. Pomocou navrhnutej metódy boli vykonané experimenty, pri ktorých metóda označila očakávané množstvo podozrivých dát.This thesis is aimed at monitoring of computer networks using NetFlow data. It describes main aspects of detection network anomalies using IDS systems. Next part describes Nemea framework, which is used for creating modules. These modules are able to detect network incidents and attacks. Following chapters contain a brief overview of common network attacks with their specific remarks which can help in process of their detection. Based on this analysis, the concept of mitigation rules was created. These rules can be used for mitigation of DDoS attack. This method was tested on several data sets and it produced multiple mitigation rules. These rules were applied on data sets and they marked most of the suspicious flows.

Additional file 4: Table S2. of Enhanced transcriptomic responses in the Pacific salmon louse Lepeophtheirus salmonis oncorhynchi to the non-native Atlantic Salmon Salmo salar suggests increased parasite fitness

Gene Ontology enrichment of the host-specific feeding response in L. salmonis. Functional enrichment of DEGs from Atlantic-fed compared to either Coho-fed or Sockeye-fed lice at 24 and 48 hpi, and from either Coho-fed or Sockeye-fed lice compared to Atlantic-fed lice at 24 hpi. (XLSX 11 kb

Additional file 1: of Sex-biased gene expression and sequence conservation in Atlantic and Pacific salmon lice (Lepeophtheirus salmonis)

Sex-biased and sex-specific transcripts in individual populations. (XLSX 1955 kb

Additional file 2: Table S1. of Infectious hematopoietic necrosis virus (IHNV) persistence in Sockeye Salmon: influence on brain transcriptome and subsequent response to the viral mimic poly(I:C)

Complete list of significantly differentially expressed probes that were affected by IHNV status (survivor, carrier), poly(I:C)-injection and an interaction effect of both factors

Additional file 5: Table S4. of Infectious hematopoietic necrosis virus (IHNV) persistence in Sockeye Salmon: influence on brain transcriptome and subsequent response to the viral mimic poly(I:C)

Fold change (FC ≤ 1.5) list and GO enrichment analysis of probes affected by interaction of IHNV status and poly(I:C)-injection

Additional file 3: of Effects of the vertically transmitted microsporidian Facilispora margolisi and the parasiticide emamectin benzoate on salmon lice (Lepeophtheirus salmonis)

Interaction of microsporidia and EMB within k-means clustering. (XLSX 95 kb

Additional file 4: Table S3. of Infectious hematopoietic necrosis virus (IHNV) persistence in Sockeye Salmon: influence on brain transcriptome and subsequent response to the viral mimic poly(I:C)

Fold change (FC ≤ 1.5) list and GO enrichment analysis of probes affected by poly(I:C)-injection

Additional file 3: Table S2. of Infectious hematopoietic necrosis virus (IHNV) persistence in Sockeye Salmon: influence on brain transcriptome and subsequent response to the viral mimic poly(I:C)

Fold change (FC ≤ 1.5) list and GO enrichment analysis of probes affected by IHNV status

Brook_Genotypes_13522SNPs

Brook charr genotypes for 13,522 SNPs (GenePop format

Chinook_Genotypes_11759SNPs

Chinook salmon genotypes for 11,759 SNPs (GenePop format