Rick Hofstede

Autonomic, Flow-Based Anomaly Detection

Description of research

Anomalies are events that differ from normal operation. In networking, attacks and link failures are examples of anomalies. Due to the increasing line and processing speeds in today's networks, scalable solutions are needed for doing anomaly detection fast and efficient. Besides that, the increasing amounts of data transferred in networks requires a scalable monitoring technologies, such as Cisco's NetFlow or IPFIX. These technologies export an aggregate of the actual data, in order to cope with the high link speeds. The anomaly detection approach in this work therefore needs to be flow-based (i.e. processing flow-data instead of individual packets). Besides that, it needs to be autonomic, in order to make it self-learning and decoupled from the network manager.

Advisor(s):

Dr. ir. Aiko Pras (PhD supervisor)

Prof.dr. ir. Boudewijn Haverkort (Promotor)

Duration: 01-09-2011 / 31-08-2015

Project: UNIVERSELF

Funding institution: EU/FP7 IP

Strategic Research Orientation: Dependable Systems and Networks

Links to relevant web pages:

http://www.rickhofstede.nl/

http://eprints.eemcs.utwente.nl/view/author/Hofstede,_R.html

Pictures

	CTIT Home > Meet the PhDs > Rick Hofstede
Home CTIT symposium 2013 About CTIT News NIRICT Research Meet the PhDs Working at CTIT Internal Information Conferences Open Calls (updated May 3, 2013) Library and Videos Knowledge Transfer Links Sitemap Search	Rick Hofstede Autonomic, Flow-Based Anomaly Detection Description of research Anomalies are events that differ from normal operation. In networking, attacks and link failures are examples of anomalies. Due to the increasing line and processing speeds in today's networks, scalable solutions are needed for doing anomaly detection fast and efficient. Besides that, the increasing amounts of data transferred in networks requires a scalable monitoring technologies, such as Cisco's NetFlow or IPFIX. These technologies export an aggregate of the actual data, in order to cope with the high link speeds. The anomaly detection approach in this work therefore needs to be flow-based (i.e. processing flow-data instead of individual packets). Besides that, it needs to be autonomic, in order to make it self-learning and decoupled from the network manager. Advisor(s): Dr. ir. Aiko Pras (PhD supervisor) Prof.dr. ir. Boudewijn Haverkort (Promotor) Duration: 01-09-2011 / 31-08-2015 Project: UNIVERSELF Funding institution: EU/FP7 IP Strategic Research Orientation: Dependable Systems and Networks Links to relevant web pages: http://www.rickhofstede.nl/ http://eprints.eemcs.utwente.nl/view/author/Hofstede,_R.html Pictures