TU Berlin

Main document

Literature Database Entry


Rene Rietz, "Optimization of Network Intrusion Detection Processes," PhD Thesis, Institute of Computer Science and Information and Media Technology, Brandenburg University of Technology (BTU), November 2017. (Advisor: Hartmut König; Referees: Falko Dressler and Felix C. Freiling)


Intrusion detection is a concept from the field of IT security. Network intrusion detection systems (NIDS) are used in addition to preventative measures, such as firewalls,to enable an automated detection of attacks. Network security threats often consistof multiple attack phases directed against various components of the network. Duringeach attack phase, varying types of security-related events can be observed at variouspoints in the network. Security monitoring, however, is nowadays essentially limitedto the uplink to the internet. Sometimes it is also used to a limited extent at keypoints within a network, but the analysis methods do not have the same depth as atthe uplink. Other areas, such as virtual networks in virtual machines (VMs), are notcovered at all, yet.The aim of this thesis is to improve the detection capability of attacks in local areanetworks. With a glance at the area of safety engineering, it appears efficient to secure these networks thoroughly and to develop additional monitoring solutions onlyfor the remaining problem cases. This entails several challenges for the analysis ofdifferent parts of the TCP/IP stack. The lowermost part of the network stack hasto be analyzed for attacks on network components, such as switches and VM bridges.For this, there is still no technology. Although attacks on the layers 2 and 3, suchas ARP spoofing and rogue DHCP servers in physical networks, can be controlledto some extent by appropriate switches, equivalent methods are not used in virtualnetworks. Therefore, a software-defined networking based approach is proposed tocounteract the respective attacks, which works for physical and virtual networks. Theupper layers are already largely covered by traditional NIDS methods, but the rapidlyincreasing data rates of local area networks often lead to an uncontrolled discardingof traffic due to overload situations in the monitoring stations. Therefore, the drawbacks of current optimization approaches are outlined based on a detailed performanceprofiling of typical intrusion detection systems. A new approach for parallelizing theintrusion detection analysis that copes with the increasing network dynamics is introduced and evaluated. Since further special issues for NIDS particularly go backto the massive use of web technologies in today’s networks, a firewall architecture ispresented which applies novel NIDS methods based on machine learning to identifyweb applications and to ward off malicious inputs. The architecture addresses theentire process chain starting from the data transfer with HTTP via the analysis ofmanipulated web documents to the extraction and analysis of active contents.

Quick access

BibTeX BibTeX


Rene Rietz

BibTeX reference

    author = {Rietz, Rene},
    title = {{Optimization of Network Intrusion Detection Processes}},
    advisor = {K{\"{o}}nig, Hartmut},
    institution = {Institute of Computer Science and Information and Media Technology},
    location = {Cottbus, Germany},
    month = {11},
    referee = {Dressler, Falko and Freiling, Felix C.},
    school = {Brandenburg University of Technology (BTU)},
    type = {PhD Thesis},
    year = {2017},

Copyright notice

Links to final or draft versions of papers are presented here to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or distributed for commercial purposes without the explicit permission of the copyright holder.

The following applies to all papers listed above that have IEEE copyrights: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

The following applies to all papers listed above that are in submission to IEEE conference/workshop proceedings or journals: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.

The following applies to all papers listed above that have ACM copyrights: ACM COPYRIGHT NOTICE. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept., ACM, Inc., fax +1 (212) 869-0481, or permissions@acm.org.

The following applies to all SpringerLink papers listed above that have Springer Science+Business Media copyrights: The original publication is available at www.springerlink.com.

This page was automatically generated using BibDB and bib2web.


Featured Paper