New Methods for Anomaly Detection in IP Networks.
Roland Kwitt (2005): Neue Verfahren zur Anomalie-Erkennung in IP-Netzen. Fachhochschule Salzburg: Diploma thesis
This thesis presents a disquisition on dynamic anomaly detection in IP networks. The first part treats a selection of representative approaches in the research field of anomaly detection and provides a summary of the mathematical basics. In the second part of the work, we introduce a new, two-step approach to anomaly detection, consisting of statistical analysis and machine learning. All concepts are treated step by step on both a theoretical and a practical basis. Based on this new approach, we show encouraging anomaly detection results with respect to a popular intrusion detection data set. Last but not least, we focus on a runtime analysis of the employed algorithms, exemplified by profiling results. The work is completed by an outlook on possible enhancements and a summary of the main outcomes.