“The network is the computer,” says an advertising slogan from SUN. As if to prove the truth of these words, in the last 15 years the Internet has developed into an omnipresent media without which we could not imagine large parts of the economy, research and our private lives. The global computer network offers the infrastructure for a wide variety of services that build upon each other and allow us to communicate all over the world, erasing the borders between countries and continents.
In a research and development project, the Institute for Internet Security, in cooperation with the Federal Office for Information Security (BSI), is developing the Internet Analysis System to analyse this network.
With help from IAS, it will be possible to generate profiles in Internet (IP networks), especially from the application layer. Communications traffic will be analysed using probes placed in selected points in the Internet. With the results of the Internet Analysis System it will possible to gather new data, which will help discover trends about the use of specific technologies, observe the state of the system and analyse problems. The results will be presented in a precise and clear way using an evaluation and visualisation system. Additionally, it will be possible to analyse and describe the occurrence and probabilities of attacks. Based on these results, it shall be possible to design short, middle and long-term actions meaningful to the reliable future use of the Internet.
The tasks of the Internet Analysis System can be organised into four areas: profiling, description of actual states, alarm system and prognoses. The main task of profiling is to carry out an extensive analysis and interpretation of the communication parameters of Internet traffic with the objective of recognising profiles and patterns, which describe different states of the Internet. The next step is the search for anomalies and the analysis and interpretation of the causes for changes in state. In the process, it is important to establish whether the anomalies have natural causes or a wilful attack is behind them; if an attack underlies the anomalies, it is particularly important to find the patterns that identify the attack. Exact information about the current state and help from historical data can deliver a warning when traffic changes significantly, which can help to take measures to protect and preserve the functionality of the Internet. Another important function is the visual depiction of the Internet state, similar to a weather or traffic map; it is necessary to find an intuitive depiction where the most important details are immediately recognisable. By examining and analysing the profiles and patterns found, it will be possible to make predictions about changes in state in the Internet; in future, it will be possible to predict and detect planned attacks.
Three Federal Ministry of Education and Research (BMBF) projects emerged from this project, which concerned themselves with different aspects of the topic.
Participating ruhrvalley partners
Institute for Internet Security
The Institute for Internet Security - if(is) is an innovative, independent, scientific facility of the Westphalian University...
Research creates the future. Whether new energy supply concepts, internet safety, intelligent mechatronic systems or new...
finally safe GmbH
finally safe is a technology start-up of the Institute for Internet Security of Wesphalian University of Applied Sciencesand...
Information on funding and further project participants