VERCA - Distributed Detection of Cyber-Attacks with an intelligent and collaborative IDS

VERCA is a BMBF-funded research project for developing an intelligent and collaborative intrusion detection system focusing on detecting attacks on highly distributed and shared IT- infrastructures

Project Motivation

Pioneering technologies like the Internet of Things or Cloud Infrastructures are causing corporate boundaries to become increasingly blurred and thus create globally organized supply-chains that are intelligently connected and highly automated. This observation leads to a dramatic increase in the potential attack surface of these systems. Therefore, it is stringently required to develop sustainable security solutions that meet the necessities of highly distributed and complex infrastructures while following local and global security guidelines.

Fig. 1: General Overview of the VERCA Architecture

The project VERCA addresses this problem by means of a novel collaborative and multi-level intrusion detection system. Since no central IDS can adequately capture the complex normal state of the overall system, our approach for the architecture is a composite of distributed VERCA nodes. Here, each node has its own detection mechanism. In case of uncertainty, this mechanism relies on the expertise of other nodes in the composite. Selective communication of information and proactive exchange of knowledge can significantly increase the recognition accuracy of the overall system so that current and future infrastructures can be effectively protected by means of a scalable, self-learning and therefore extremely flexible security architecture. For this purpose, completely new types of communication and detection mechanisms must be researched to facilitate privacy- aware knowledge transfer between divergent corporate networks to achieve greater accuracy in the detection of sophisticated attack scenarios.

Project Targets

  • Determination of an effective and dynamic communication architecture of the CIDS in order to develop and utilize efficient distribution and correlation mechanisms, so that the combination of exchanged alert information from different infrastructures leads to a more effective anomaly detection

  • Collective exchange of safety-critical information and resolution of occurring model conflicts between system components

  • Develop new ways to maintain local and global privacy policies when exchanging sensitive data for the entire system

  • Combination of the hybrid classification approaches from the predecessor project IntErA with the targeted global communication architecture of VERCA in order to increase the detection rate of advanced, highly distributed attacks

  • Evaluation of management and streaming logging data by the use of machine learning methods to provide the required information for cognitive management and network automation

  • Further development of network management and monitoring solutions for the early detection of anomalies in network traffic and the support of proactive defense mechanisms (i.a. SDN / NFV, Streaming Telemetry)

  • Relocation of the recognition and correlation mechanisms towards an In-Network Attack Detection by the use of a programmable control / data plane (i.a. , In-band Telemetry)

  • Close integration of CIDS components with network and cloud infrastructure platforms as the basis for dynamic and adaptive detection of distributed attacks by incorporating management, discovery and logging data from the to be monitored infrastructures

Project Team

In context of the collaborative approach, fundamental questions on the aggregation and correlation of logging data in cloud infrastructures are upcoming and thus emphasize the interdisciplinary nature of the project. Although the focus of the project is on increasing data security, this can only be reasonable by meeting the requirements of cloud-network performance and fault tolerance. Therefore, the core project team consists of two groups, which work closely together to pursue a holistic and sustainable approach in research and development:

Ulrich Buehler Prof. Dr. Ulrich Bühler
Network and Data Security
Project Lead

Tel.: +49 (0) 661 / 9640 - 325
Room : E 325

Sebastian Rieger Prof. Dr. Sebastian Rieger
Multimedia Communications Networks
Project Member

Tel.: +49 (661) 96 40 - 3033
Room : E 126


Project Duration

15.04.2019 - 15.04.2022

This project is funded by the German Federal Ministry of Education and Research (BMBF).

last modified: 21.01.2020 08:25