Neue Verfahren zur Anomalie-Erkennung in IP-Netzen.
Roland Kwitt (2005): Neue Verfahren zur Anomalie-Erkennung in IP-Netzen. Fachhochschule Salzburg: Diplomarbeit
This thesis presents a disquisition on dynamic anomaly detection in IP-networks. The
first part contains a treatment of a selection of representative approaches in the research
field of anomaly detection and provides a summary of the mathematical basics.
In the second part of the work, we introduce a new, two-step approach towards anomaly
detection, consisting of statistical analysis and machine learning. All concepts
are treated step by step on a likewise theoretical and practical basis. Resting upon
this new approach, we show encouraging anomaly detection results with respect to a
popular intrusion detection data set. Last but not least, we focus on a runtime analysis
of the employed algorithms, exemplified by profling results. The work is completed by
an outlook on possible enhancements and a summarization of the main outcomes.