52 research outputs found

    Graph-based models in prediction and projection of cyber attacks

    Predictive analysis allows next-generation cyber defense that is more proactive than current approaches based solely on intrusion detection. In this talk, we will discuss various approaches to predicting and projecting cyber attacks. Graph-based models have dominated the field since the foundation of this research area. Attack graphs were used to traverse through the attacker’s actions and project the continuation of an ongoing attack. Later, attack graphs were combined with Bayesian networks and Markov models to reflect the probabilistic nature of predictions and overcome uncertainties in observation of attack steps. However, there are still open issues, such as how to create such models and evaluate the predictions. The talk will shed light on using graphs in this research area and summarize resolved and open issues

    The influence of the hub on discharge and efficiency of the swirl turbine

    The aim of this thesis is to determine, by numerical modeling, the influence of hub size on the discharge and efficiency of the swirl turbine. The first part summarizes the theoretical background on water turbines. The main part first presents the hydraulic design of the turbines, their modeling in Inventor, the export of the geometry to Gambit, and the creation of the computational mesh. It then describes the solution methodology in Fluent, the evaluation of the computed data, and their presentation in the form of tables and graphs

    Towards a Data-Driven Recommender System for Handling Ransomware and Similar Incidents

    Effective triage is of utmost importance for cybersecurity incident response, namely in handling ransomware or similar incidents in which the attacker may use self-propagating worms, infected files, or email attachments to spread malware. If a device is infected, it is vital to know which other devices can be infected too or are immediately threatened. The number and heterogeneity of devices in today's network complicate situational awareness of incident handlers, and, thus, we propose a recommender system that uses network monitoring data to prioritize devices in the network based on their similarity and proximity to an already infected device. The system enumerates devices in close proximity in terms of physical and logical network topology and sorts them by their similarity given by the similarity of their behavioral profile, fingerprint, or common history. The incident handlers can use the recommendation to promptly prevent malware from spreading or trace the attacker's lateral movement

    Quality Management Tools

    This bachelor's thesis is written in the form of a literature review. Its goal is to map the tools and methods designed to improve quality and maintain it at the required level. The text is divided into two chapters. The first chapter is devoted to the definition of quality, its historical development, and the basic concepts that help define quality, and closes with an overview of the so-called fathers of quality. The second chapter describes the tools used for quality management. They are divided into two groups: the seven basic tools of quality and the seven new tools.

    A Dashboard for Cyber Situational Awareness and Decision Support in Network Security Management

    This demo paper presents a dashboard for network security management, a web application that visualizes data gathered by various sensors in the network and allows the user to achieve cyber situational awareness and provides decision support in the incident handling process. The dashboard and its underlying database use modern graph-based approaches to data modelling, storing, and querying. The dashboard speeds up routine tasks in incident handling, such as getting a context of a situation and quickly assessing the spread and impact of vulnerabilities. The implementation uses modern graph-based approaches to data storage and visualization

    POSTER: Reflected attacks abusing honeypots

    We present the observation of distributed denial-of-service attacks that use reflection of the flooding traffic off reflectors. This type of attack was used in massive attacks against the internet infrastructure of the Czech Republic in March 2013. Apart from common hosts in the network, honeypots were abused as the reflectors. This caused false positive incident detections and helped the attackers. Honeypots, which are by default set to accept any incoming network connection, unintentionally amplified the effect of reflection. We present an analysis of the attack from the point of view of honeypots and show the risks of having honeypots respond to any incoming traffic. We also discuss the possibilities of attack detection and mitigation and present lessons learned from handling the attack. We point out a lack of communication and data sharing during the observed attack

    Network Monitoring and Enumerating Vulnerabilities in Large Heterogeneous Networks

    In this paper, we present an empirical study on vulnerability enumeration in computer networks using common network probing and monitoring tools. We conducted active network scans and passive network monitoring to enumerate software resources and their version present in the network. Further, we used the data from third-party sources, such as Internet-wide scanner Shodan. We correlated the measurements with the list of recent vulnerabilities obtained from NVD using the CPE as a common identifier used in both domains. Subsequently, we compared the approaches in terms of network coverage and precision of system identification. Finally, we present a sample list of vulnerabilities observed in our campus network. Our work helps in approximating the number of vulnerabilities and vulnerable hosts in large networks, where it is often impractical or costly to perform vulnerability scans using specialized tools, and in situations, where a quick estimate is more important than thorough analysis.

    Protection of personal data in security alert sharing platforms

    In order to ensure confidentiality, integrity and availability (the so-called CIA triad) of data within network infrastructure, it is necessary to be able to detect and handle cyber security incidents. For this purpose, it is vital for Computer Security Incident Response Teams (CSIRT) to have enough data on relevant security events and threats. That is why CSIRTs share security alerts and incident data using various sharing platforms. Even though they do so primarily to protect data and privacy of users, their use also leads to additional processing of personal data, which may cause new privacy risks. European data protection law, especially with the adoption of the new General Data Protection Regulation, sets out very strict rules on processing of personal data which on one hand leads to greater protection of individuals' rights, but on the other creates great obstacles for those who need to share any personal data. This paper analyses the General Data Protection Regulation (GDPR), relevant case-law and analyses by the Article 29 Working Party to propose optimal methods and level of personal data processing necessary for effective use of security alert sharing platforms, which would be legally compliant and lead to appropriate balance between risks

    System for Continuous Collection of Contextual Information for Network Security Management and Incident Handling

    In this paper, we describe a system for the continuous collection of data for the needs of network security management. When a cybersecurity incident occurs in the network, the contextual information on the involved assets facilitates estimating the severity and impact of the incident and selecting an appropriate incident response. We propose a system based on the combination of active and passive network measurements and the correlation of the data with third-party systems. The system enumerates devices and services in the network and their vulnerabilities via fingerprinting of operating systems and applications. Further, the system pairs the hosts in the network with contacts on responsible administrators and highlights critical infrastructure and its dependencies. The system concentrates all the information required for common incident handling procedures and aims to speed up incident response, reduce the time spent on the manual investigation, and prevent errors caused by negligence or lack of information

    Effect of formal and informal nutrition education on the dietary habits of high-school students

    The bachelor thesis focuses on the effects of formal nutrition education on the theoretical knowledge of learners and its subsequent application in their daily meal choices. It aims at students of a selected grammar school and a selected vocational school. The goal was to find out whether or not vocational school learners have better knowledge than grammar school learners and if their knowledge transfers into practice. The research sample of a questionnaire survey consisted of 199 students. According to its outcome, the knowledge of the topic proven by vocational school learners does not significantly differ from the knowledge of their grammar school counterparts. Despite the lack of formal nutrition education at the grammar school, it is the learners of the grammar school who have the better knowledge. KEYWORDS: diet, grammar school, specialized secondary school, dietary habits, nutrition, education. Department of Pedagogy, Faculty of Education