Distributed System for Attack Classification in VoIP Infrastructure Based on SIP Protocol

Import 14/02/2017Dizertační práce se zaměřuje na strojové metody klasifikace SIP útoků. Data o VoIP útocích jsou získána distribuovanou sítí detekčních sond s honeypot aplikacemi. Zachycené útoky následně zpracovává centralizovaný expertní systém Beekeeper. Tento systém provádí transformaci dat a jejich klasifikaci algoritmy strojového učení. V práci rozebírám různé typy těchto algoritmů, využívající učení bez i s učitelem, kdy nejlepších výsledků klasifikace dosahuje MLP neuronová síť. Tato neuronová síť je blíže popsána a testována v různých konfiguracích a nastaveních. Výsledná implementace obsahuje i techniky k vylepšení přesnosti, které stávající implementace nevyužívají. V práci seznamuji čtenáře se SIP protokolem, VoIP útoky a současným stavem na poli detekce těchto útoků. Navrhované řešení spoléhá na nasazení expertního systému Beekeeper s distribuovanou sítí detekčních sond. Koncept systému Beekeeper má modulární design s moduly pro agregaci a čištění dat, analýzu a vyhodnocení útoku, monitoring stavu jednotlivých sond, webové rozhraní pro komunikaci s uživateli atd. Různorodost a široká škála dostupných sond umožňuje jejich snadné nasazení v cílové síti, přičemž vyhodnocení nežádoucího provozu provádí autonomně systém Beekeeper. Díky modulární architektuře však není nutné omezovat funkci tohoto systému jen na detekci útoků. Věrohodnost a přesnost klasifikace útoků neuronovou sítí byla ověřena srovnáním s ostatními algoritmy strojového učení a výhody modelu byly popsány.The dissertation thesis focuses on machine learning methods for SIP attack classification. VoIP attacks are gathered with various types of detection nodes through a set of a honeypot applications. The data uncovered by different nodes collects centralized expert system Beekeeper. The system transforms attacks to the database and classifies them with machine learning algorithms. The thesis covers various supervised and unsupervised algorithms, but the best results and highest classification accuracy achieves MLP neural network. The neural network model is closely described and tested under varying condition and settings. The final neural network implementation contains the latest improvements for enhancing the MLP accuracy. The thesis familiarizes the reader with SIP protocol, VoIP attacks and the current state of the art methods for attack detection and mitigation. I propose the concept of a centralized expert system with distributed detection nodes. This concept also provides techniques for attack aggregation, data cleaning, node state monitoring, an analysis module, web interface and so on. The expert system Beekeeper is a modular system for attack classification and evaluation. Various detection nodes enable easy deployment in target network by the administrator, while the Beekeeper interprets the malicious traffic on the node. But the general nature and modularity of the expert system Beekeeper allow it to be used in other cases as well. The reliability and accuracy of the neural network model are verified and compared with other machine learning available nowadays. The benefits of proposed model are highlighted.440 - Katedra telekomunikační technikyvyhově

Acceleration of particle swarm optimization with AVX instructions

Parallel implementations of algorithms are usually compared with single-core CPU performance. The advantage of multicore vector processors decreases the performance gap between GPU and CPU computation, as shown in many recent pieces of research. With the AVX-512 instruction set, there will be another performance boost for CPU computations. The availability of parallel code running on CPUs made them much easier and more accessible than GPUs. This article compares the performances of parallel implementations of the particle swarm optimization algorithm. The code was written in C++, and we used various techniques to obtain parallel execution through Advanced Vector Extensions. We present the performance on various benchmark functions and different problem configurations. The article describes and compares the performance boost gained from parallel execution on CPU, along with advantages and disadvantages of parallelization techniques.Web of Science132art. no. 73

A methodology for measuring voice quality using PESQ and interactive voice response in the GSM channel designed by OpenBTS

This article discusses a methodology for rating the quality of mobile calls. Majority telecommunications service from the perspective of the whole world is using mobile telephony networks. One of the problems affecting this service and its quality are landscape barriers, which prevent the spread signal. Price and complex construction of classic BTS does not allow their dense distribution. In such cases, one solution is to use OpenBTS technology. Design of OpenBTS is more available, so it can be applied to much more places and more complex points. Purpose of this measurement is a model for effective stations deployment, due to shape and distribution of local barriers that reduce signal power, and thus the quality of speech. GSM access point for our mobile terminals is OpenBTS USRP N210 station. The PESQ method for evaluating of speech quality is compared with the subjective evaluation, which provides Asterisk PBX with IVR call back. Measurement method was taken into account the call quality depending on terminal position. The measured results and its processing bring knowledge to use this technology for more complicated locations with degraded signal level and increases the quality of voice services in telecommunications

IP telephony based danger alert communication system and its implementation

The paper deals with development of a web application allowing to deliver pre-recorded voice messages by using SIP generator. The developed application is a part of complex system, which has been evolved in Dpt. of Telecommunications, Technical University of Ostrava for last three years. Our intent is focused on disaster management, the message, which should be delivered within specified time span, is typed in the application and text-to-speech module ensures its transormation to a speech format, after that a particular scenario or warned area is selected and a target group is automatically unloaded. For this purpose, we have defined XML format for delivery of phone numbers which are located in the target area and these numbers are obtained from mobile BTS's (Base transmission stations). The advantage of this aproach lies in controlled delivery and finally the list of unanswered calls is exported and these users are informed via SMS. In the paper, the core of the danger alert system is described including algorithms of the voice message delivery

Efficient detection of spam over internet telephony by machine learning algorithms

Recent trends show a growing interest in VoIP services and indicate that guaranteeing security in VoIP services and preventing hacker communities from attacking telecommunication solutions is a challenging task. Spam over Internet Telephony (SPIT) is a type of attack which is a significant detriment to the user's experience. A number of techniques have been produced to detect SPIT calls. We reviewed these techniques and have proposed a new approach for quick, efficient and highly accurate detection of SPIT calls using neural networks and novel call parameters. The performance of this system was compared to other state-of-art machine learning algorithms on a real-world dataset, which has been published online and is publicly available. The results of the study demonstrated that new parameters may help improve the effectiveness and accuracy of applied machine learning algorithms. The study explored the entire process of designing a SPIT detection algorithm, including data collection and processing, defining suitable parameters, and final evaluation of machine learning models.Web of Science1013342613341

Method for robot manipulator joint wear reduction by finding the optimal robot placement in a robotic cell

We describe a method for robotic cell optimization by changing the placement of the robot manipulator within the cell in applications with a fixed end-point trajectory. The goal is to reduce the overall robot joint wear and to prevent uneven joint wear when one or several joints are stressed more than the other joints. Joint wear is approximated by calculating the integral of the mechanical work of each joint during the whole trajectory, which depends on the joint angular velocity and torque. The method relies on using a dynamic simulation for the evaluation of the torques and velocities in robot joints for individual robot positions. Verification of the method was performed using CoppeliaSim and a laboratory robotic cell with the collaborative robot UR3. The results confirmed that, with proper robot base placement, the overall wear of the joints of a robotic arm could be reduced from 22% to 53% depending on the trajectory.Web of Science1112art. no. 539

Centrality evolution of the charged-particle pseudorapidity density over a broad pseudorapidity range in Pb-Pb collisions at root s(NN)=2.76TeV

Peer reviewe

Improvements of SIP Proxy Robustness Against DoS Attacks

Import 04/07/2011Nárůst popularity VoIP v posledních letech nezbytně vedl i k zájmu hackerů o tuto novou platformu. Jedním z nejvíce užívaných útoků je DoS, zejména díky jednoduchosti a vysokému dopadu na danou službu. Diplomová práce popisuje nejen vlastnosti SIP protokolu, ale i bezpečnostní hrozby týkající se VoIP řešení. Tyto znalosti slouží k testování odolnosti SIP proxy, stejně tak i pro následné bezpečnostní opatření. Každý útok je detailně popsán i s návrhem obrany. Cestou k zvýšení odolnosti je nasazení IPS systému na bázi aplikací Snort, SnortSam a IPtables. Práce obsahuje také popis dalších bezpečnostních kroků, zvyšující bezpečnost v síti i vlastní SIP proxy.Increasing rate of popularity of VoIP solution in last few years lead to hackers interest for this new platform. One of the most used attack nowadays is DoS, because of its simplicity and big impact. This diploma thesis describes features of SIP protocol and main security threats in VoIP. These knowledge are used for testing robustness of SIP proxy server. Attacks are described in detail, there is made a security precaution for each of them. Way, how to defend SIP proxy against attacks is creating an IPS system, composed as combination Snort, SnortSam and IPtables applications. Part of thesis is also proposal for security steps, increasing inside network safety and SIP proxy security.460 - Katedra informatikyvýborn

DoS attacks targeting SIP server and improvements of robustness

The paper describes the vulnerability of SIP servers to DoS attacks and methods for server protection. For each attack, this paper describes their impact on a SIP server, evaluation of the threat and the way in which they are executed. Attacks are described in detail, and a security precaution is made to prevent each of them. The proposed solution of the protection is based on a specific topology of an intrusion protection systems components consisting of a combination of Snort, SnortSam and Iptables applications, the solution was verified in experiments. The contribution of this paper includes the performed comparison of the DoS attacks’ efficiency which were tested both without any protection and then with implemented Snort and SnortSam applications as proposed in our solution.Scopus6118417

Creating standard installation packages of computer networks virtual laboratory components for the Debian GNU/Linux

Ve své práci řeším problém tvorby instalačních balíčků komponent virtuální laboratoře počítačových sítí pro distribuci debian. V první kapitole se nachází úvod do problematiky tvorby balíčků, následovaný druhou kapitolou obsahující popis tvorby balíčků pro obecný příklad. Další kapitoly se týkají tvorby balíčků pro jednotlivé komponenty virtuální laboratoře. na něž navazuje kapitola řešící distribuce těchto balíčků pomocí repozitáře a kapitola s návodem pro instalaci vytvořených balíčků. V závěru hodnotím dosažené výsledky.In my thesis I solve problem of creating installation packages of computer networks virtual laboratory components for distribution debian. In first chapter is located introduction into problem of creating packages, followed by second chapter containing description how to create packeges for common example. Next chapters describe creating packages for all components of virtual network laboratory. Consequent chapter solving distribution of these packages using repository. Another chapter contain guide for installation binary packages. At the close I evaluate attained results.Prezenční456 - Katedra informatikyvelmi dobř