|Title:||Real-Time and Resilient Intrusion Detection: A Flow-Based Approach|
|Affiliation:||University of Twente, DACS group|
|Supervisor:||dr. ir. A. Pras|
|Start:||1 September 2011|
|End:||31 August 2015|
|Funding:||UNIVERSELF / SURFnet GigaPort 3 / FLAMINGO|
Rick Hofstede is a Ph.D. student at the Design and Analysis of Communication Systems (DACS) group, which is part of the Faculty of Electrical Engineering, Mathematics and Computer Science (EEMCS) at the University of Twente. He was born in Ulm, Germany, in May 1988 and graduated in Telematics at the University of Twente in 2009 (B.Sc.) and in 2011 (M.Sc.).
Rick's current research is within the context of the UNIVERSELF project, the FLAMINGO NoE and SURFnet's Gigaport3 project on Next-Generation Networks. His main topics of interest are network security (intrusion detection and forensics in particular), Internet measurements and network data visualization.
PhD project description
Due to the design of flow-based monitoring technologies, flow-based intrusion detection systems (IDSs) are both subject to detection delays and susceptible to DoS attacks. Since intrusions should generally be detected as early as possible to minimize their potential damage and perform attack mitigation, the detection can (partly) be moved closer towards the data source, i.e. from flow collector to flow exporter. This can be accomplished by deploying a light-weight IDS on a flow exporter, which can be controlled remotely by a flow collector and/or other IDS. Also intrusions should be shared among the various IDSs.
In the end, the goal is to design a framework for real-time and resilient intrusion detection. This will be achieved by introducing a feedback loop in flow-based monitoring architectures for the exchange of both commands and intrusion detections.
- Pavel Celeda, Petr Velan, Martin Rabek, Rick Hofstede, Aiko Pras, Large-Scale Geolocation for NetFlow. In: Experience Session Proceedings of the 13th IFIP/IEEE International Symposium on Integrated Network Management (IM 2013), 27-31 May 2013, Ghent, Belgium (to appear)
- Rick Hofstede, Idilio Drago, Anna Sperotto, Ramin Sadre, Aiko Pras. In: Proceedings of the 14th International Conference on Passive and Active Measurement, PAM 2013, 18-19 March 2013, Hong Kong, China. Lecture Notes in Computer Science, Vol. 7799, ISSN 0302-9743 ISBN 978-3-642-36515-7, pp. 1-10
- Rick Hofstede, Aiko Pras, "Real-Time and Resilient Intrusion Detection: A Flow-Based Approach". In: Dependable Networks and Services. Proceedings of the 6th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2012), Ph.D. Workshop, 4-8 June 2012, Luxembourg, Luxembourg. Lecture Notes in Computer Science, Vol. 7279, ISSN 0302-9743 ISBN 978-3-642-30632-7, pp. 109-112
- Laurens Hellemons, Luuk Hendriks, Rick Hofstede, Anna Sperotto, Ramin Sadre, Aiko Pras, "SSHCure: A Flow-Based SSH Intrusion Detection System". In: Dependable Networks and Services. Proceedings of the 6th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2012), 4-8 June 2012, Luxembourg, Luxembourg. Lecture Notes in Computer Science, Vol. 7279, ISSN 0302-9743 ISBN 978-3-642-30632-7, pp. 86-97
You can find a complete list of publications here.