Rick Hofstede
Autonomic, Flow-Based Anomaly Detection
Description of research
Anomalies are events that differ from normal operation. In networking, attacks and link failures are examples of anomalies. Due to the increasing line and processing speeds in today's networks, scalable solutions are needed to perform anomaly detection quickly and efficiently. In addition, the increasing amounts of data transferred in networks require scalable monitoring technologies, such as Cisco's NetFlow or IPFIX. These technologies export an aggregate of the actual data in order to cope with the high link speeds. The anomaly detection approach in this work therefore needs to be flow-based (i.e. processing flow data instead of individual packets). It also needs to be autonomic, so that it is self-learning and decoupled from the network manager.
Advisor(s):
Dr. ir. Aiko Pras (PhD supervisor)
Prof. dr. ir. Boudewijn Haverkort (Promotor)
Duration: 01-09-2011 / 31-08-2015
Project: UNIVERSELF
Funding institution: EU/FP7 IP
Strategic Research Orientation: Dependable Systems and Networks
Links to relevant web pages:
http://eprints.eemcs.utwente.nl/view/author/Hofstede,_R.html
