TU Berlin

Main document

Literature Database Entry


Manuela Schinn, "Intelligent Data Selection for Network-based Attack Detection," Master's Thesis, Department of Computer Science, Friedrich–Alexander University of Erlangen–Nuremberg (FAU), August 2010. (Advisors: Tobias Limmer and Falko Dressler)


Security of network systems is becoming more and more important because the amount of sensitive information that is being stored and manipulated online is increasing and corporate networks have become more reachable. An important technology for protecting those systems is a signature-based network intrusion detection system like Snort. It compares signatures of incoming packets to predefined signatures of attacks. However, with today's high traffic of gigabit networks and the growing complexity of attacks, intrusion detection systems are often not able to cope with the huge amount of comparisons. I evaluated intelligent data selection for network-based attack detection using an anomaly-based intrusion detection algorithm in order to reduce the amount of traffic data that an intrusion detection system has to process by 90 percent. For this purpose I examined different anomaly-based intrusion detection algorithms for identifying suspicious traffic. Only traffic that is marked as anomalous by the algorithm is forwarded to Snort for deeper inspection. I implemented two algorithms in order to verify this approach. Although it was not possible to reduce the amount of traffic by 90 percent with today's anomaly-based intrusion detection algorithms, evaluation showed that reduction of traffic data and still getting reasonable intrusion detection results from Snort is possible. The evaluation results and the implemented algorithms as well as the test setup developed in this thesis are a basis for future research in the topic of intelligent data selection for intrusion detection systems.

Quick access

BibTeX BibTeX


Manuela Schinn

BibTeX reference

    author = {Schinn, Manuela},
    title = {{Intelligent Data Selection for Network-based Attack Detection}},
    advisor = {Limmer, Tobias and Dressler, Falko},
    institution = {Department of Computer Science},
    location = {Erlangen, Germany},
    month = {8},
    school = {Friedrich--Alexander University of Erlangen--Nuremberg (FAU)},
    type = {Master's Thesis},
    year = {2010},

Copyright notice

Links to final or draft versions of papers are presented here to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or distributed for commercial purposes without the explicit permission of the copyright holder.

The following applies to all papers listed above that have IEEE copyrights: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

The following applies to all papers listed above that are in submission to IEEE conference/workshop proceedings or journals: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.

The following applies to all papers listed above that have ACM copyrights: ACM COPYRIGHT NOTICE. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept., ACM, Inc., fax +1 (212) 869-0481, or permissions@acm.org.

The following applies to all SpringerLink papers listed above that have Springer Science+Business Media copyrights: The original publication is available at www.springerlink.com.

This page was automatically generated using BibDB and bib2web.