<?xml version="1.0" encoding="UTF-8"?>
<collection xmlns="http://www.loc.gov/MARC21/slim">
 <record>
  <leader>05739ntm a22005537i 4500</leader>
  <controlfield tag="001">000698461</controlfield>
  <controlfield tag="003">CZ-PrVSE</controlfield>
  <controlfield tag="005">20230625093744.0</controlfield>
  <controlfield tag="006">m        d</controlfield>
  <controlfield tag="007">cr n||||||||||</controlfield>
  <controlfield tag="008">230625s2023    xr     fsbm   000 0 eng d</controlfield>
  <datafield tag="STA" ind1=" " ind2=" ">
   <subfield code="a">NEZPRACOVANÝ IMPORT</subfield>
  </datafield>
  <datafield tag="040" ind1=" " ind2=" ">
   <subfield code="a">ABA006</subfield>
   <subfield code="b">cze</subfield>
   <subfield code="c">ABA006</subfield>
   <subfield code="d">ABA006</subfield>
   <subfield code="e">rda</subfield>
  </datafield>
  <datafield tag="100" ind1="1" ind2=" ">
   <subfield code="a">Švarc, Lukáš</subfield>
   <subfield code="%">ISIS:85997</subfield>
   <subfield code="4">dis</subfield>
  </datafield>
  <datafield tag="242" ind1="1" ind2="0">
   <subfield code="a">Detekce anomálií v počítačových sítích v univerzitním prostředí</subfield>
   <subfield code="y">eng</subfield>
  </datafield>
  <datafield tag="245" ind1="1" ind2="0">
   <subfield code="a">Computer Network Anomaly Detection in University Environment /</subfield>
   <subfield code="c">Lukáš Švarc</subfield>
  </datafield>
  <datafield tag="264" ind1=" " ind2="0">
   <subfield code="c">2023</subfield>
  </datafield>
  <datafield tag="300" ind1=" " ind2=" ">
   <subfield code="a">?? pages :</subfield>
   <subfield code="3">digital, PDF file</subfield>
  </datafield>
  <datafield tag="500" ind1=" " ind2=" ">
   <subfield code="a">Thesis supervisor: Jiří Ivánek</subfield>
  </datafield>
  <datafield tag="502" ind1=" " ind2=" ">
   <subfield code="a">Dissertation (Ph.D.)—Vysoká škola ekonomická v Praze. Fakulta informatiky a statistiky, 2023</subfield>
  </datafield>
  <datafield tag="504" ind1=" " ind2=" ">
   <subfield code="a">Includes bibliography</subfield>
  </datafield>
  <datafield tag="516" ind1=" " ind2=" ">
   <subfield code="a">Text (university qualification thesis)</subfield>
  </datafield>
  <datafield tag="518" ind1=" " ind2=" ">
   <subfield code="a">Year of defence 2023</subfield>
  </datafield>
  <datafield tag="520" ind1="3" ind2=" ">
   <subfield code="a">After several successful cyber-attacks on public sector institutions recently, it became clear that it was necessary to increase the level of protection for computer networks in the university environment as well. While there are a number of commercial solutions based on firewall, antivirus or IPS technologies for the detection of known attacks, the capabilities of these tools are very limited for the detection of unknown attacks. Anomaly detection methods based on machine learning are essentially the only option for protection against these unknown attacks. The main objective of this thesis is to adapt selected anomaly detection methods using supervised machine learning techniques in order to enhance the security of information systems in the university environment. The specifics of the university environment and its differences from a typical business environment are supported by discussions with IT experts from Prague University of Economics and Business, University of Granada, and Athens University of Economics and Business, as well as by a questionnaire focused on working with the information system completed by more than two thousand employees and students at the Prague University of Economics and Business. Following the signing of the NDA, logs from the information system's traffic were collected for the period 2016–2020. This data was anonymized, and the captured attacks it contained helped define the three most typical types of attacks in the university environment: Simple Automated Attack, Advanced Automated Attack, and Cyber Attack. Subsequently, a synthetic dataset generator for the university environment was created. This generator creates information system logs and inserts a parameterized number of attacks of a selected type, which could serve as an interesting tool for other researchers of the university environment worldwide.</subfield>
  </datafield>
  <datafield tag="520" ind1="8" ind2=" ">
   <subfield code="a">Selected conventional supervised machine learning methods, specifically Logistic Regression and Deepnets, were evaluated in the university environment using a synthetic dataset generator. Since Deepnets achieved better results, an adapted Deepnets with enriched dataset (ADED) method was proposed, achieving even better results for typical attacks in the university environment. The conclusions of the thesis were validated by analyzing historical data from the last year of operation (2022) of the information system at the Prague University of Economics and Business. The ADED method was trained on a combined dataset, which was generated by the synthetic dataset generator for the university environment and contained samples of real attacks from 2016–2020. By utilizing the ADED method and preprocessing the original university dataset, potential cybersecurity incidents were identified that had not been detected by any other security mechanism at the time of their execution. These results were verified and confirmed in collaboration with experts from the Informatics Centre at the Prague University of Economics and Business. Eighteen out of twenty-three identified cybersecurity incidents detected by the ADED method were confirmed by experts. All the components described in this thesis served as a methodological basis for the Hellhound AI project, which was developed within the Prague University of Economics and Business, mainly in collaboration between myself and my colleague, Ing. Pavel Strnad. Due to the scope of this project, close collaboration was required, which was reflected in our dissertations, where the source data and some parts were the result of joint work.</subfield>
  </datafield>
  <datafield tag="538" ind1=" " ind2=" ">
   <subfield code="a">Mode of access: Internet</subfield>
  </datafield>
  <datafield tag="653" ind1="0" ind2=" ">
   <subfield code="a">applied informatics [dissertation field]</subfield>
  </datafield>
  <datafield tag="655" ind1=" " ind2="7">
   <subfield code="a">disertace</subfield>
   <subfield code="7">fd132024</subfield>
   <subfield code="2">czenas</subfield>
  </datafield>
  <datafield tag="655" ind1=" " ind2="9">
   <subfield code="a">dissertations</subfield>
   <subfield code="2">eczenas</subfield>
  </datafield>
  <datafield tag="690" ind1=" " ind2=" ">
   <subfield code="a">Supervised Machine Learning</subfield>
  </datafield>
  <datafield tag="690" ind1=" " ind2=" ">
   <subfield code="a">Anomaly Detection</subfield>
  </datafield>
  <datafield tag="690" ind1=" " ind2=" ">
   <subfield code="a">Network Security</subfield>
  </datafield>
  <datafield tag="690" ind1=" " ind2=" ">
   <subfield code="a">Information Systems</subfield>
  </datafield>
  <datafield tag="690" ind1=" " ind2=" ">
   <subfield code="a">University Environment</subfield>
  </datafield>
  <datafield tag="700" ind1="1" ind2=" ">
   <subfield code="a">Ivánek, Jiří,</subfield>
   <subfield code="d">1953-</subfield>
   <subfield code="7">mzk2003171460</subfield>
   <subfield code="4">ths</subfield>
  </datafield>
  <datafield tag="700" ind1="1" ind2=" ">
   <subfield code="a">Čejka, Tomáš</subfield>
   <subfield code="4">opn</subfield>
  </datafield>
  <datafield tag="710" ind1="2" ind2=" ">
   <subfield code="a">Vysoká škola ekonomická v Praze.</subfield>
   <subfield code="b">Fakulta informatiky a statistiky</subfield>
   <subfield code="7">kn20010709399</subfield>
   <subfield code="4">dgg</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2="0">
   <subfield code="u">https://insis.vse.cz/zp/66808/podrobnosti</subfield>
   <subfield code="y">University qualification thesis in InSIS</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2="0">
   <subfield code="u">https://insis.vse.cz/zp/66808</subfield>
   <subfield code="y">Main thesis</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2="0">
   <subfield code="u">https://insis.vse.cz/zp/66808/posudek/vedouci</subfield>
   <subfield code="y">Supervisor's evaluation</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2="0">
   <subfield code="u">https://insis.vse.cz/zp/66808/posudek/oponent/79410</subfield>
   <subfield code="y">Opponent's review</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2="0">
   <subfield code="u">https://insis.vse.cz/zp/66808/posudek/oponent/79412</subfield>
   <subfield code="y">Opponent's review</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2="0">
   <subfield code="u">https://insis.vse.cz/zp/66808/posudek/oponent/79413</subfield>
   <subfield code="y">Opponent's review</subfield>
  </datafield>
  <datafield tag="999" ind1="4" ind2="0">
   <subfield code="u">https://insis.vse.cz/zp/66808/podrobnosti</subfield>
   <subfield code="y">dc:identifier</subfield>
  </datafield>
  <datafield tag="993" ind1=" " ind2=" ">
   <subfield code="x">NEPOSILAT</subfield>
   <subfield code="y">VSKP</subfield>
  </datafield>
  <datafield tag="999" ind1="4" ind2="9">
   <subfield code="a">vse66808</subfield>
   <subfield code="b">230617</subfield>
  </datafield>
  <datafield tag="999" ind1="4" ind2="5">
   <subfield code="x">66808</subfield>
  </datafield>
 </record>
</collection>
