iAID: innovative Anomaly- and Intrusion-Detection
As IT systems become more tightly integrated, their vulnerability rises as well. As the BSI management report on IT security shows, the number of attacks on IT systems that are connected to the Internet continues to grow. The aims of such attacks include limiting the availability of services and stealing information. The damage caused by such attacks is often high, so effective protection against these threats is in the interest of the system operators. Network-based attacks of this type can be identified using anomaly detection.

Within the project "innovative Anomaly- and Intrusion-Detection" (iAID) we develop techniques for efficient anomaly detection at the network level and explore possibilities for classifying the anomalies that occur. Aggregating network data reduces the amount of computation required to detect network attacks. On this basis, various anomaly detection techniques are explored and evaluated for their feasibility. We examine how the collected information can be analyzed and classified with as much automation as possible, so that little human interaction is needed to detect network attacks. Finally, the entire system is evaluated empirically. To this end, a controlled test environment will be set up and evaluations will be performed in various ISP networks.