|Title:||Real-Time and Resilient Intrusion Detection: A Flow-Based Approach|
|Affiliation:||University of Twente, DACS group|
|Supervisor:||dr. ir. A. Pras|
|Start:||1 September 2011|
|End:||31 August 2015|
|Funding:||UNIVERSELF / SURFnet GigaPort 3 / FLAMINGO|
Rick Hofstede is a Ph.D. student at the Design and Analysis of Communication Systems (DACS) group, which is part of the Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS) at the University of Twente. He was born in Ulm, Germany, in May 1988 and graduated in Telematics at the University of Twente in 2009 (B.Sc.) and in 2011 (M.Sc.).
Rick's current research is within the context of the UNIVERSELF project, the FLAMINGO NoE and SURFnet's Gigaport3 project on Next-Generation Networks. His main topics of interest of network security (intrusion detection and forensics in particular), Internet measurements and network data visualization.
PhD project description
Due to the design of flow-based monitoring technologies, flow-based intrusion detection systems (IDSs) are both subject to detection delays and susceptible to DoS attacks. Since intrusions should generally be detected as early as possible to minimize their potential damage and perform attack mitigation, the detection can (partly) be moved closer towards the data source, i.e. from flow collector to flow exporter. This can be accomplished by deploying a light-weight IDS on a flow exporter, which can be controlled remotely by a flow collector and/or other IDS. Also intrusions should be shared among the various IDSs.
In the end, the goal is to design a framework for real-time and resilient intrusion detection. This will be achieved by introducing a feedback loop in flow-based monitoring architectures for the exchange of both commands and intrusion detections.
You can find a complete list of publications here.