Universität Bremen  
  FB3 TZI  

FIDeS


The project FIDeS (Early Warning and Intrusion Detection System Based upon Combined AI Methods), funded by the German Federal Ministry of Education and Research (BMBF), aims to develop an advanced, intelligent assistance system that detects attacks from the Internet, in both local area networks and wide area networks, as early as possible. Within FIDeS, not only widely used Internet protocols such as FTP, SMTP, and HTTP are considered, but also newer protocols such as telecommunication protocols, VoIP protocols, and SOAP. This also allows the early warning system to detect attacks on Internet nodes that originate from mobile devices. In addition, fraudulent access in security-critical, IT-based business processes of enterprises is to be detected.

Conventional IDS, and anomaly-detection IDS in particular, usually produce a high false positive rate or miss attacks (false negatives). Complementary to anomaly-based IDS, we develop an early warning system based upon heterogeneous methods of Artificial Intelligence (AI). This system supports a security officer in analyzing attacks and carrying out appropriate counter measures. Consequently, the project FIDeS focuses more on assistance (such as concrete instructions in case of an attack) than on mere intrusion detection. For this purpose, various AI-based methods are employed, such as declarative knowledge representation, the generation of explanations, and cognitive assistance. Integration with an anomaly-based IDS is also envisioned.

Specifically, our assistance system for early warning has the following features:

· plausible (comprehensible) explanations for attacks,
· declarative representation of knowledge on attacks, on the systems under attack and their components, and on counter measures,
· interactive assistance in the selection and execution of counter measures,
· forecast of the future course of an attack (including a plausibility check of the forecast),
· scalability of explanations and forecasts (e.g., depending on the expected risk),
· a knowledge base containing descriptions of attacks, counter measures, and instructions,
· maintainability and comprehensibility of the knowledge about attacks and counter measures,
· extensibility of the system so that it can react in a timely manner to new types of attacks.
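As an added illustration (example code written for this page, not code from the FIDeS project), the following Python script realises several of the features above in miniature: attack steps, counter measures and the protected systems are held declaratively in a small knowledge base; observations parsed from constructed log lines are matched to attack steps; every hypothesis is explained by the log lines that support it; the next step is forecast from the knowledge base and checked for plausibility against the components the target host actually exposes; and the counter measures for the current step are offered to the officer. All step names, the log format, host names and counter measures are invented for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sensor log lines for this illustration (not real FIDeS data).
SAMPLE_LOG = """\
10:00:01 fw src=10.0.0.9 dst=srv1 event=syn_burst ports=120
10:00:05 fw src=10.0.0.9 dst=srv2 event=syn_burst ports=95
10:01:10 ftp src=10.0.0.9 dst=srv1 event=login_fail user=admin
10:01:11 ftp src=10.0.0.9 dst=srv1 event=login_fail user=root
10:01:12 ftp src=10.0.0.9 dst=srv1 event=login_fail user=test
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<sensor>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) event=(?P<event>\w+)"
)


@dataclass(frozen=True)
class AttackStep:
    name: str
    stage: int                  # position in the attack chain (higher = further along)
    evidence: str               # "sensor:event" observation type that supports the step
    min_count: int              # observations needed before the step is hypothesised
    needs: str                  # component the target must expose for the step to work
    next_step: Optional[str]    # step that typically follows, None if the chain ends
    counter_measures: Tuple[str, ...]


# Declarative attack knowledge (hypothetical entries chosen for the example).
KNOWLEDGE_BASE: Dict[str, AttackStep] = {s.name: s for s in (
    AttackStep("port_scan", 1, "fw:syn_burst", 1, "network", "ftp_brute_force",
               ("rate-limit the source", "watch for follow-up logins")),
    AttackStep("ftp_brute_force", 2, "ftp:login_fail", 3, "ftp", "ftp_upload",
               ("lock the targeted accounts", "block the source at the firewall")),
    AttackStep("ftp_upload", 3, "ftp:stor", 1, "ftp", None,
               ("quarantine the uploaded file", "isolate the host")),
)}

# Declarative system model: which components each protected host exposes (constructed).
SYSTEM_MODEL = {"srv1": {"network", "ftp", "http"}, "srv2": {"network", "http"}}


def parse_observations(log_text: str) -> List[Tuple[str, str, str, int]]:
    """Turn raw log lines into (src, dst, 'sensor:event', line_no) tuples."""
    obs = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if m:
            obs.append((m["src"], m["dst"], f"{m['sensor']}:{m['event']}", no))
    return obs


def explain(observations) -> Dict[Tuple[str, str], Dict[str, List[int]]]:
    """Per (src, dst) pair, map each supported attack step to the log lines that
    support it (the explanation); steps below their evidence threshold are dropped."""
    support: Dict[Tuple[str, str], Dict[str, List[int]]] = {}
    for src, dst, kind, no in observations:
        for step in KNOWLEDGE_BASE.values():
            if step.evidence == kind:
                support.setdefault((src, dst), {}).setdefault(step.name, []).append(no)
    return {pair: {s: lines for s, lines in steps.items()
                   if len(lines) >= KNOWLEDGE_BASE[s].min_count}
            for pair, steps in support.items()}


def forecast(step_name: str, dst: str) -> Tuple[Optional[str], bool]:
    """Predict the next step from the knowledge base and check its plausibility:
    it is plausible only if the target host exposes the component it needs."""
    nxt = KNOWLEDGE_BASE[step_name].next_step
    if nxt is None:
        return None, False
    return nxt, KNOWLEDGE_BASE[nxt].needs in SYSTEM_MODEL.get(dst, set())


def assess(log_text: str) -> Dict[Tuple[str, str], dict]:
    """Officer-facing report: the most advanced confirmed step per attacker/target
    pair, its evidence, the forecast with its plausibility, and the counter measures."""
    report = {}
    for pair, steps in explain(parse_observations(log_text)).items():
        if not steps:
            continue
        current = max(steps, key=lambda s: KNOWLEDGE_BASE[s].stage)
        nxt, plausible = forecast(current, pair[1])
        report[pair] = {"step": current, "evidence": steps[current],
                        "forecast": nxt, "plausible": plausible,
                        "counter_measures": KNOWLEDGE_BASE[current].counter_measures}
    return report


if __name__ == "__main__":
    for (src, dst), r in assess(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {r['step']} (log lines {r['evidence']}); "
              f"next: {r['forecast']}, plausible={r['plausible']}; "
              f"do: {', '.join(r['counter_measures'])}")
```

On the constructed log, the attacker's three failed FTP logins against srv1 are explained as a brute-force step following the port scan, the forecast upload is plausible because srv1 exposes FTP, and the same scan against srv2 yields a forecast that the plausibility check rejects because srv2 runs no FTP service; in a real system the system model and the attack knowledge would be maintained as separate, extensible knowledge bases rather than as literals.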

In addition, a simulation tool will be developed that creates attack scenarios under realistic time and system constraints. This tool will be used to validate the functionality and the coverage of the early warning system.

Last but not least, privacy requirements are taken seriously throughout the development of the project prototype. For example, privacy law does not permit a provider to inspect the contents of data packets.


Period: 01/09/2008 - 31/08/2011
Funding Body: BMBF

Partners: Fachhochschule Gelsenkirchen, T-Systems Enterprise Services GmbH, ZF Friedrichshafen AG, nicos AG, mobile solution group GmbH, algorithmica technologies GmbH.

Author: Dr. Karsten Sohr

Last updated: November 24, 2008