Changing Network Behavior

The security of computer networks has been in the focus of research for years. While several sophisticated systems had been developed in the area of intrusion detection, new challenges arised. Pattern matching systems are not able to cope with high bandwidth (10 Gbps +) when analyzing the whole payload. Furthermore, new attack schemes arise by increasingly complex software and systems. New approaches like network behavior analyses (NBA) systems show promise for being able to cope with the new threats. These systems evaluate statistical flow data generated from the traffic of the monitored network. While originally designed for optimising traffic handling and accounting in the network, flow data appeared to be powerful for intrusion detection. NBA Systems based on machine learning techniques are able to evaluate these data and to recognize anomalies in the network. However, these systems suffer from a long-lasting learning phase and are susceptible to manipulations during that time. To overcome these shortcomings, we are introducing a fast-learning modular neural network based on pre-processed components. For the development of the new system, the possible attacks on NBA systems have to be investigated and understood in depth.