SecMonet - Research Project in Network Security

SecMonet is a BMBF-funded research project for developing an adaptive, anomaly-based network intrusion detection platform that detects unknown anomalies early and in real time.

Project Motivation

Networks have recently grown into a complex heterogeneous infrastructure consisting of social networks, cloud computing, smart grids, and other networks. This expansion allows huge volumes of data traffic between components, which increases the vulnerabilities of our networks and, accordingly, the number of anomalies. An anomaly could be an attack or any harmful activity that degrades the performance of the network and consequently affects its operations.

Anti-malware applications try to defend against abnormalities and reduce their effect, but they are mostly based on matching traffic against known attack signatures and raising an alarm once a match is found. When an unknown attack appears, they are unable to detect it. In this research project, we are studying a novel tool that should overcome these drawbacks and detect unknown attacks early. This tool will be adaptive and able to process online traffic in real time. This project is named SecMonet.

SecMonet is the development of a real-time, adaptive, anomaly-based network intrusion detection system. It will use network tools such as tcpdump and protocols such as SNMP to aggregate network traffic, analyze it, classify it, and prevent abnormalities.

Once the data is aggregated, the valuable network features will be extracted and put into a defined data format. A model will then be defined based on data mining techniques and machine learning to represent the Normal Network Behavior (NNB); this model can be updated in real time to keep the NNB at the current state of the network. Online traffic can thus be classified as normal or anomalous based on its deviation from the NNB. Finally, a proper reaction will take place directly. The accompanying figure shows a general diagram of the SecMONET tool.
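
The classification step described above, sketched as an added example (not SecMonet's own code): an NNB kept as an exponentially weighted mean and variance per feature, updated only with windows classified as normal. The class name, the three features, the thresholds and the sample windows are assumptions made for illustration, and the warm-up windows are assumed to be clean traffic.

```python
import math

class NormalNetworkBehavior:
    """Adaptive NNB: exponentially weighted mean/variance per traffic feature."""

    def __init__(self, n_features, alpha=0.05, threshold=4.0, warmup=20):
        self.mean = [0.0] * n_features
        self.var = [0.0] * n_features
        self.alpha = alpha          # adaptation rate of the baseline
        self.threshold = threshold  # tolerated deviation, in standard deviations
        self.warmup = warmup        # windows learned before classifying
        self.seen = 0

    def deviation(self, x):
        """Largest per-feature distance from the NNB, in standard deviations."""
        return max(abs(v - m) / math.sqrt(s + 1e-9)
                   for v, m, s in zip(x, self.mean, self.var))

    def _update(self, x):
        # Plain running average at first, then exponential forgetting.
        a = max(self.alpha, 1.0 / (self.seen + 1))
        for i, v in enumerate(x):
            d = v - self.mean[i]
            self.mean[i] += a * d
            self.var[i] = (1 - a) * (self.var[i] + a * d * d)
        self.seen += 1

    def observe(self, x):
        """Classify one feature vector and adapt the NNB if it looks normal."""
        if self.seen >= self.warmup and self.deviation(x) > self.threshold:
            return "anomalous"  # not learned, so it cannot shift the baseline
        self._update(x)
        return "normal"

# Constructed sample: (packets, TCP SYNs, distinct destination ports) per window.
BASELINE = [(100 + i % 7 - 3, 10 + i % 3, 5 + i % 2) for i in range(60)]
ODD_WINDOW = (100, 11, 400)  # constructed: one window touching 400 ports

def classify_sample():
    nnb = NormalNetworkBehavior(n_features=3)
    labels = [nnb.observe(w) for w in BASELINE]
    labels.append(nnb.observe(ODD_WINDOW))
    labels.append(nnb.observe((101, 10, 6)))
    return labels

if __name__ == "__main__":
    print(classify_sample()[-3:])
```

Skipping the update for anomalous windows keeps a single burst from being absorbed into the baseline, at the cost of needing a separate path to relearn after a legitimate, abrupt change in traffic.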

Project Targets

  • Define an adaptive normal network behavior (NNB)
  • Enhance MONET into a monitoring and security tool, SecMONET
  • Detect unknown attacks in real time
  • Prevention

Project members

Project Duration

01.01.2011 - 31.12.2013

This project is funded by the German Federal Ministry of Education and Research (BMBF), with 20% of the funding coming from the firm NETHINKS GmbH.

last modified: 23.10.2014 11:52