Difference between revisions of "Rick Hofstede"

From SimpleWiki
Jump to navigationJump to search
Line 37: Line 37:
 
== PhD project description ==
 
== PhD project description ==
  
<to be updated>
+
Due to the design of flow-based monitoring technologies, flow-based intrusion detection systems (IDSs) are both subject to detection delays and susceptible to DoS attacks. Since intrusions should generally be detected as early as possible to minimize their potential damage and perform attack mitigation, the detection can (partly) be moved closer towards the data source, i.e. from flow collector to flow exporter. This can be accomplished by deploying a light-weight IDS on a flow exporter, which can be controlled remotely by a flow collector and/or other IDS. Also intrusions should be shared among the various IDSs.
 +
 
 +
In the end, the goal is to design a framework for real-time and resilient intrusion detection. This will be achieved by introducing a feedback loop in flow-based monitoring architectures for the exchange of both commands and intrusion detections.
 
</DIV>
 
</DIV>
  
 
== Recent publications ==
 
== Recent publications ==
  
Due to the design of flow-based monitoring technologies, flow-based intrusion detection systems (IDSs) are both subject to detection delays and susceptible to DoS attacks. Since intrusions should generally be detected as early as possible to minimize their potential damage and perform attack mitigation, the detection can (partly) be moved closer towards the data source, i.e. from flow collector to flow exporter. This can be accomplished by deploying a light-weight IDS on a flow exporter, which can be controlled remotely by a flow collector and/or other IDS. Also intrusions should be shared among the various IDSs.
 
  
In the end, the goal is to design a framework for real-time and resilient intrusion detection. This will be achieved by introducing a feedback loop in flow-based monitoring architectures for the exchange of both commands and intrusion detections.
 
  
 
You can find a complete list of publications [http://www.rickhofstede.nl/publications/ here].
 
You can find a complete list of publications [http://www.rickhofstede.nl/publications/ here].

Revision as of 09:45, 26 February 2013

Summary
Student: Rick Hofstede
Title: Real-Time and Resilient Intrusion Detection: A Flow-Based Approach
e-mail: r.j.hofstede@ewi.utwente.nl
Affiliation: University of Twente, DACS group
Supervisor: dr. ir. A. Pras
Start: 1 September 2011
End: 31 August 2015
Funding: UNIVERSELF / SURFnet GigaPort 3 / FLAMINGO

Biography

Rick Hofstede is a Ph.D. student at the Design and Analysis of Communication Systems (DACS) group, which is part of the Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS) at the University of Twente. He was born in Ulm, Germany, in May 1988 and graduated in Telematics at the University of Twente in 2009 (B.Sc.) and in 2011 (M.Sc.).

Rick's current research is within the context of the UNIVERSELF project, the FLAMINGO NoE and SURFnet's Gigaport3 project on Next-Generation Networks. His main topics of interest of network security (intrusion detection and forensics in particular), Internet measurements and network data visualization.

PhD project description

Due to the design of flow-based monitoring technologies, flow-based intrusion detection systems (IDSs) are both subject to detection delays and susceptible to DoS attacks. Since intrusions should generally be detected as early as possible to minimize their potential damage and perform attack mitigation, the detection can (partly) be moved closer towards the data source, i.e. from flow collector to flow exporter. This can be accomplished by deploying a light-weight IDS on a flow exporter, which can be controlled remotely by a flow collector and/or other IDS. Also intrusions should be shared among the various IDSs.

In the end, the goal is to design a framework for real-time and resilient intrusion detection. This will be achieved by introducing a feedback loop in flow-based monitoring architectures for the exchange of both commands and intrusion detections.

Recent publications

You can find a complete list of publications here.

External links