Visualization of network traffic for cyber security management (Vizualizacija omrežnega prometa za upravljanje kibernetske varnosti)

Monitoring network traffic can be very easy with the right tool. But when several tools are used and several networks need to be monitored, problems can arise even with a good tool. This is why the idea arose in the Cyber Security Operations Center to develop a platform...


Bibliographic Details
Main Author: HOFFMANN, JAKA
Other Authors: Dobrišek, Simon
Format: Bachelor Thesis
Language: Slovenian
Published: 2021
Subjects:
CSS
Online Access: https://repozitorij.uni-lj.si/IzpisGradiva.php?id=125038
https://repozitorij.uni-lj.si/Dokument.php?id=140678&dn=
id ftuniljubljanair:oai:repozitorij.uni-lj.si:IzpisGradiva.php-id-125038
record_format openpolar
institution Open Polar
collection Repository of the University of Ljubljana (RUL)
op_collection_id ftuniljubljanair
language Slovenian
topic platform
applications
software tools
control
computer network
SIEM systems
databases
application development
Python
Flask
JavaScript
CSS
HTML
description Monitoring network traffic can be very easy with the right tool. But when several tools are used and several networks need to be monitored, problems can arise even with a good tool. This is why the idea arose in the Cyber Security Operations Center to develop a platform that would combine all monitoring tools and monitored networks into one system. Such a tool would simplify the work of the operators, make it possible to correlate across different networks, and make errors easier to find and fix. Detection of and response to errors and attacks in the system would thereby be shortened. The platform described in this thesis will collect data from SIEM systems, from other network monitoring devices such as IDS/IPS and firewalls, and from system servers such as DNS, domain controllers and authentication servers. From this data the platform will perform analyses and look for correlations between them. With such a comprehensive analysis and overview of the network, it will be clear what is happening in the network in real time. Once the platform is ready, it will use machine learning to recognise anomalies in the network and in user behaviour. For known anomalies the resolution procedures will be automated; for new anomalies, notification of the responsible technicians and interval-based escalation of that notification will be automated. The platform will automate the procedures for resolving various anomalies from different networks according to network priorities. The thesis describes the development of the platform, how the work was set up, and what the purpose and goal of the platform are. The framework of the platform is already built. The next development steps are dictated by the needs that arise during development of the platform and the needs that arise in the working organisation itself. The various parts of the platform, their operation and their interconnection are also described. The most important task at present is to complete the platform's basic functionality, namely anomaly notification. Adding interfaces for monitoring devices and SIEM systems will be the next stage of development.
op_rights info:eu-repo/semantics/openAccess
spelling ftuniljubljanair:oai:repozitorij.uni-lj.si:IzpisGradiva.php-id-125038 2023-05-15T18:14:16+02:00 Visualization of network traffic for cyber security management HOFFMANN, JAKA Dobrišek, Simon 2021-03-02 application/pdf slv info:eu-repo/semantics/openAccess info:eu-repo/semantics/bachelorThesis info:eu-repo/semantics/publishedVersion 2021 ftuniljubljanair 2021-12-06T10:19:56Z Bachelor Thesis Repository of the University of Ljubljana (RUL)