FIDeS
The project FIDeS (Early Warning and Intrusion Detection System Based upon Combined AI Methods), funded by the German Ministry of Research and Education (BMBF), aims at developing an advanced, intelligent assistance system for detecting attacks from the Internet, both in local area networks and in wide area networks, as early as possible. Within the framework of FIDeS, not only widely used Internet protocols such as FTP, SMTP, and HTTP shall be considered, but also newer protocols such as telecommunication protocols, VoIP protocols, and SOAP. This also allows the early warning system to detect attacks on Internet nodes which may originate from mobile devices. In addition, fraudulent access in security-critical, IT-based business processes of enterprises will also be detected.

Conventional IDS, and in particular IDS for anomaly detection, usually produce a high false positive rate or do not detect all attacks (false negatives). Complementary to anomaly-based IDS, we develop an early warning system based upon heterogeneous methods of Artificial Intelligence (AI). This system supports a security officer in analyzing attacks and carrying out appropriate countermeasures. Consequently, the project FIDeS focuses more on assistance (such as concrete instructions in case of an attack) than on mere intrusion detection. For this purpose, various AI-based methods are employed, such as declarative knowledge representation, the generation of explanations, and cognitive assistance. However, the integration with an anomaly-based IDS is also envisioned.

Specifically, our assistance system for early warning has the following features:

· availability of plausible (comprehensible) explanations for attacks,
· declarative representation of knowledge on attacks, systems to be attacked, and system components as well as countermeasures,
· interactive assistance on the selection and execution of countermeasures for attacks,
· forecast of the future course of an attack (including a plausibility check for the forecast),
· scalability of explanations and forecasts (e.g., depending on the expected risk),
· provision of a knowledge base (containing descriptions of attacks, countermeasures, and instructions),
· maintainability and comprehensibility of the knowledge about attacks and countermeasures,
· extensibility of the system in order to react in a timely manner to new types of attacks.

In addition, a simulation tool will be developed that creates attack scenarios under realistic time and system constraints. This simulation tool will be used to validate the functionality and the coverage of the early warning system.

Last but not least, privacy requirements are taken seriously during the entire development process of the project prototype. For example, a provider is not allowed to examine the data packets due to privacy laws.

Period: 01/09/2008 - 31/08/2011

Partners: Fachhochschule Gelsenkirchen, T-Systems Enterprise Services GmbH, ZF Friedrichshafen AG, nicos AG, mobile solution group GmbH, algorithmica technologies GmbH.
Author: Dr. Karsten Sohr