Architecture & Function
Architecture
The project management is carried out by the Institute of Internet Security in cooperation with the work package leaders. The project management coordinates the cooperation partners and supports the project process. The tasks are split into individual subtasks which together build a prototypical overall system. The following table lists all the individual work packages.
Subtasks | Work Package | Short Description |
---|---|---|
ST 1 | inventory and rough concept | |
WP 1.1 | scientific/technical inventory | |
WP 1.2 | usability analysis | |
ST 2 | development of a data collection system | |
WP 2.1 | development of appropriate descriptions | |
WP 2.2 | analysis and implementation of the data collection system | |
WP 2.3 | pro/contra and data protection analysis | |
WP 2.4 | data collection for development and tests of methods | |
ST 3 | anomaly detection | |
WP 3.1 | development of a detection method | |
WP 3.2 | test data for a detection method | |
WP 3.3 | test and evaluation of methods | |
WP 3.4 | real-time processing of large data volumes | |
ST 4 | classification and reaction | |
WP 4.1 | classification and information fusion | |
WP 4.2 | reaction | |
ST 5 | evaluation | |
WP 5.1 | evaluation of anomaly detection | |
WP 5.2 | evaluation of reaction | |
ST 6 | project coordination | |
WP 6.1 | project management and public relations | |
Function
The expected tasks are divided into individual subtasks and result in a prototype of the overall system. First, a scientific and technical survey and a usability analysis are performed. Since all partners contribute their know-how and industrial partners are involved, both scientific and practical results can be expected in both areas. The results will be recorded in the form of documents.
In the second subtask a data collection system will be developed by the partners. The goal is to reduce the amount of data taken from the network traffic without relevant loss of information. This will be achieved by first developing adequate descriptions, which are then realized in practice. Here iAID should be privacy compliant, which is also recorded in the form of documents. Another result is the execution of tests on the method, which are also suitably documented (for example, as an error matrix).
In the third subtask an anomaly detection method must definitely result. This is in turn divided into at least one clustering method and at least one anomaly method; the anomaly detection builds on the clustering method. The scientific partners will test different algorithms, so several methods should result. Another important point in this subtask is hardware support for anomaly detection: it is planned to accelerate the developed methods using GPUs or FPGAs.
The fourth subtask deals with the response to and classification of events. One challenge is the meaningful categorization of the events reported by the anomaly detection. To this end, different classification methods are tested and developed. Results are also documents with specific response options, together with their digital representation in a machine-readable format. In addition, a taxonomy should be developed in order to find the best reaction measures for certain incidents.
In the fifth subtask, the individual prototypes from the previous subtasks will be evaluated in the overall system. This mainly concerns the anomaly detection and the response. Results are scientific and technical documents which show, for example, how good the recognition rate is or how helpful the automatically suggested responses are.
In the sixth subtask, named "Project Coordination", the project is organized, quarterly project meetings are prepared and followed up, and public relations are carried out.