Detecting network scans using NetFlow
Type
Bachelor’s or Master’s thesis
Description
This work aims at detecting network scans using NetFlow records. The work includes, but is not limited to
- Systematically analyzing different scanning techniques;
- Identifying characteristics and invariants of scanning techniques;
- Developing detectors for the resulting set of scanning techniques;
- Evaluating the detection performance;
- Analyzing and evaluating impact of NetFlow sampling to detection performance.
This work directly contributes to our BMBF funded research project INSAIN.
Prerequisites
- Knowledge in the ML/pattern recognition area
- Good coding skills (C, Python, Java) and/or knowledge of GNU R
- Good knowledge of prevalent Internet protocols and standards
- Very good in German or good in English language
- Linux skills are a plus
- Creativity and ability to work independently
- Willingness to actively communicate with peers
Working condition
Flexible, no presence required. Home office is possible. Details will be discussed in regular personal meetings. Working place at CASED or h_da can be offered if required/wished.