A Stream-based Approach to Network Intrusion Detection
Automatic approaches to network intrusion detection have become indispensable for recognizing malicious activity within a network. With the help of network intrusion detection systems (NIDS), software applications that monitor a network for violations, network administrators can monitor the network for predefined attacks. With the rising complexity of modern-day cyber attacks, there is a demand for more expressive specification languages that allow us to specify complex attack patterns. In this thesis, we introduce a stream-based approach to network intrusion detection, based on an extension of the real-time stream language RTLola with parameterization. In contrast to most state-of-the-art network intrusion detection systems, RTLola can express state-based properties. We address the interesting challenges posed by this strictly more expressive approach and demonstrate the features of RTLola using different real-world examples.