IntErA - Intelligent Detection of Cyber-Attacks on IT-Infrastructures

IntErA is a BMBF-funded research project for developing an intelligent intrusion detection system that also builds proper attack patterns from the attacks it detects.

Project Motivation

Due to the massive amount of data in computer and communication networks and the expansion of information technology into many research areas, it is a great challenge to reveal vulnerabilities, manage network traffic online, and uncover zero-day attacks. Moreover, building an adaptive pattern (signature) from a detected attack has become a research interest in its own right. Nowadays, the same attacks spread rapidly with slightly different signatures, making them even harder to detect. To overcome this serious challenge, network security needs to be reinforced by an intelligent IDS model that detects new attacks, builds proper patterns, and interacts with an adaptive pattern-database to keep the constructed attack patterns up to date. We will tackle this challenge by proposing a state-of-the-art IDS model that effectively addresses recent network security challenges.

Our intelligent IDS IntErA consists of a pattern-based detection component (PDC), an anomaly-based detection component (ADC), and an adaptive pattern-database. These components are interconnected using secure communication protocols and can operate in parallel. This parallelism improves IDS performance and thus helps to monitor and reduce the number of vulnerabilities across the entire network. The idea of IntErA is principally derived from our project SecMonet, and IntErA is considered complementary to it. The PDC continuously receives the traffic and matches it against the pattern-database to detect known attacks early and filter them out. The ADC then examines the remaining traffic intensively by comparing its payload with a robust, predefined normal network behavior model, generates an adaptive pattern for any detected attack, and stores it in the pattern-database.
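As an added illustration of the PDC/ADC loop described above (example code written for this page, not the project's own implementation), the Python sketch below models the normal network behavior (NNB) as per-port statistics of payload length and byte entropy, uses a z-score threshold as the deviation criterion, and derives a pattern from the destination port and a payload prefix; all three choices and the sample traffic are constructed simplifications, not IntErA's actual models.

```python
import math
import statistics
from collections import Counter

BASELINE = [  # constructed normal traffic (port, payload), not captured from a real network
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"GET /about.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"GET /news.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"POST /login HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]
SUSPECT = (80, bytes(range(200)))  # constructed: long, high-entropy payload on port 80

def entropy(payload: bytes) -> float:
    """Shannon entropy of the payload in bits per byte (0 for empty input, at most 8)."""
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())

def build_nnb(traffic):
    """NNB model: per port, mean and floored population stdev of payload length and entropy."""
    per_port = {}
    for port, payload in traffic:
        per_port.setdefault(port, []).append((len(payload), entropy(payload)))
    nnb = {}
    for port, samples in per_port.items():
        lens, ents = zip(*samples)
        nnb[port] = (statistics.mean(lens), max(statistics.pstdev(lens), 1.0),
                     statistics.mean(ents), max(statistics.pstdev(ents), 0.1))
    return nnb

def deviation(nnb, port, payload):
    """Deviation criterion: the larger z-score of length or entropy; unseen ports score infinite."""
    if port not in nnb:
        return math.inf
    mean_len, sd_len, mean_ent, sd_ent = nnb[port]
    return max(abs(len(payload) - mean_len) / sd_len, abs(entropy(payload) - mean_ent) / sd_ent)

def make_pattern(port, payload, prefix_len=8):
    """Pattern generation (simplified): destination port plus a fixed-length payload prefix."""
    return (port, payload[:prefix_len])

def inspect(packet, nnb, pattern_db, threshold=3.0):
    """PDC matches known patterns first; the ADC then scores the rest and feeds new patterns back."""
    port, payload = packet
    if make_pattern(port, payload) in pattern_db:
        return "PDC"  # known attack, filtered before the expensive anomaly stage
    if deviation(nnb, port, payload) > threshold:
        pattern_db.add(make_pattern(port, payload))  # adaptive pattern-database update
        return "ADC"  # unknown attack, detected by its deviation from the NNB
    return "normal"
```

Running the suspect payload twice shows the feedback loop: the first copy is caught by the ADC and turned into a pattern, the second is filtered by the PDC without reaching the anomaly stage.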

Project Targets

  • Define a robust and adaptive normal network behavior (NNB).
  • Select the optimal deviation criterion from the NNB to precisely classify the traffic as an attack.
  • Dynamic pattern generation for detected unknown attacks.
  • Design and implementation of the adaptive pattern-database.
  • Analysis of malware infection vectors over IPv4/IPv6 networks.
  • Development of an intelligent IDS framework for industry.

Project members

Project Duration

01.06.2014 - 31.12.2017

This project is funded by the German Federal Ministry of Education and Research (BMBF).

last modified: 15.01.2018 17:31